11241100x80000000000000001740070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41a43b49ececb842022-02-14 08:43:48.430root 11241100x80000000000000001740071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a41d4aeac00fc12022-02-14 08:43:48.430root 11241100x80000000000000001740072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3c2a822643e0b22022-02-14 08:43:48.431root 11241100x80000000000000001740073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d6aaa94fa713cb2022-02-14 08:43:48.431root 11241100x80000000000000001740074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b3cf1b70e578872022-02-14 08:43:48.431root 11241100x80000000000000001740075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5a4411c41ce4b02022-02-14 08:43:48.431root 11241100x80000000000000001740076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1507a7cf3539e4822022-02-14 08:43:48.431root 11241100x80000000000000001740077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd9ff31232e512f2022-02-14 08:43:48.431root 11241100x80000000000000001740078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45f85557b0983862022-02-14 08:43:48.431root 11241100x80000000000000001740079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d187fb9ed059e6dd2022-02-14 08:43:48.432root 11241100x80000000000000001740080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f332cd6f7d9025b2022-02-14 08:43:48.432root 11241100x80000000000000001740081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2b288a58e1d7032022-02-14 08:43:48.432root 11241100x80000000000000001740082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2745b38eeece2882022-02-14 08:43:48.432root 11241100x80000000000000001740083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9e8559ad6eb6672022-02-14 08:43:48.432root 11241100x80000000000000001740084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70341d1eccf65b652022-02-14 08:43:48.432root 11241100x80000000000000001740085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b757d26c283fc7a2022-02-14 08:43:48.432root 11241100x80000000000000001740086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e45b5c8d3e792e12022-02-14 08:43:48.432root 11241100x80000000000000001740087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8239d2539ce2ed02022-02-14 08:43:48.433root 11241100x80000000000000001740088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431b42f6af0469b92022-02-14 08:43:48.433root 11241100x80000000000000001740089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce903fd98a6797d2022-02-14 08:43:48.433root 11241100x80000000000000001740090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e98cfd51d83e0c2022-02-14 08:43:48.433root 11241100x80000000000000001740091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf6d59645b9857e2022-02-14 08:43:48.434root 11241100x80000000000000001740092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3427bc2a250c6442022-02-14 08:43:48.435root 11241100x80000000000000001740093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4483b4f91fbfe02022-02-14 08:43:48.435root 11241100x80000000000000001740094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfd4e8475d3d2f72022-02-14 08:43:48.435root 11241100x80000000000000001740095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c949712dd98888f2022-02-14 08:43:48.436root 11241100x80000000000000001740096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bddff7c8dd990382022-02-14 08:43:48.436root 11241100x80000000000000001740097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39b41216a71008d2022-02-14 08:43:48.436root 11241100x80000000000000001740098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c1bad073a67c8e2022-02-14 08:43:48.436root 11241100x80000000000000001740099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbb64b9ce98753c2022-02-14 08:43:48.437root 11241100x80000000000000001740100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a250ce8a0b177b2022-02-14 08:43:48.437root 11241100x80000000000000001740101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dc9c91483c42882022-02-14 08:43:48.437root 11241100x80000000000000001740102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74691d2a20a705e62022-02-14 08:43:48.438root 11241100x80000000000000001740103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294d6817c19d92232022-02-14 08:43:48.438root 11241100x80000000000000001740104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6f7f024e46a6422022-02-14 08:43:48.930root 11241100x80000000000000001740105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ba81971efc48e52022-02-14 08:43:48.930root 11241100x80000000000000001740106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48426e42ee6b61842022-02-14 08:43:48.930root 11241100x80000000000000001740107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99903647caefac452022-02-14 08:43:48.931root 11241100x80000000000000001740108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f3af8fd3fb89fa2022-02-14 08:43:48.931root 11241100x80000000000000001740109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60c41e0a14a84d22022-02-14 08:43:48.931root 11241100x80000000000000001740110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1bfed8bf9086a72022-02-14 08:43:48.931root 11241100x80000000000000001740111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a6381926b704332022-02-14 08:43:48.932root 11241100x80000000000000001740112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b18cd9859041e522022-02-14 08:43:48.932root 11241100x80000000000000001740113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d57f923478324972022-02-14 08:43:48.932root 11241100x80000000000000001740114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd6afd2046a44772022-02-14 08:43:48.932root 11241100x80000000000000001740115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651f8790d60063ac2022-02-14 08:43:48.932root 11241100x80000000000000001740116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b739cffdf492bbdb2022-02-14 08:43:48.932root 11241100x80000000000000001740117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f8ac0bebfe864e2022-02-14 08:43:48.933root 11241100x80000000000000001740118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80f19a52f1cc0ab2022-02-14 08:43:48.933root 11241100x80000000000000001740119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2bb045a5baaa8d2022-02-14 08:43:48.933root 11241100x80000000000000001740120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61fbd6a28da550e2022-02-14 08:43:48.933root 11241100x80000000000000001740121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882f348fd12eb0612022-02-14 08:43:48.933root 11241100x80000000000000001740122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26b9ddf5242d3032022-02-14 08:43:48.934root 11241100x80000000000000001740123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd55d3348c9fd7e2022-02-14 08:43:48.935root 11241100x80000000000000001740124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f4f93af9bdbb8f2022-02-14 08:43:48.935root 11241100x80000000000000001740125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec1476d5820c3f72022-02-14 08:43:48.935root 11241100x80000000000000001740126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18610e4a61a5d982022-02-14 08:43:48.935root 11241100x80000000000000001740127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d6dcb7772504ca2022-02-14 08:43:48.935root 11241100x80000000000000001740128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf121b09df37e072022-02-14 08:43:48.936root 11241100x80000000000000001740129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85db464fd0890a0f2022-02-14 08:43:48.936root 11241100x80000000000000001740130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e916ddce27454b22022-02-14 08:43:48.936root 11241100x80000000000000001740131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814cee98a5a0ae152022-02-14 08:43:48.936root 11241100x80000000000000001740132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad0d7d3feb0fdc82022-02-14 08:43:48.936root 11241100x80000000000000001740133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9795fde1c12346382022-02-14 08:43:48.936root 11241100x80000000000000001740134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2925746d0567aea02022-02-14 08:43:48.936root 11241100x80000000000000001740135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc5e107c0be40152022-02-14 08:43:48.937root 11241100x80000000000000001740136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:48.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e600af3e742dfef2022-02-14 08:43:48.937root 354300x80000000000000001740137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.113{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51472-false10.0.1.12-8000- 11241100x80000000000000001740138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c0fddc120f89ab2022-02-14 08:43:49.430root 11241100x80000000000000001740139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bebcca358050f92022-02-14 08:43:49.430root 11241100x80000000000000001740140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99d48341edcf2002022-02-14 08:43:49.430root 11241100x80000000000000001740141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37ff518512211012022-02-14 08:43:49.430root 11241100x80000000000000001740142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb05237f1eacbf662022-02-14 08:43:49.430root 11241100x80000000000000001740143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1740b14ddc30ab9a2022-02-14 08:43:49.430root 11241100x80000000000000001740144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61643bb48a159c702022-02-14 08:43:49.430root 11241100x80000000000000001740145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b6d969b5b86dae2022-02-14 08:43:49.430root 11241100x80000000000000001740146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab56c6daa581bba2022-02-14 08:43:49.431root 11241100x80000000000000001740147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd2a64e399503542022-02-14 08:43:49.431root 11241100x80000000000000001740148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7eb23fba96b24e42022-02-14 08:43:49.431root 11241100x80000000000000001740149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ddc49c9be45f8f2022-02-14 08:43:49.431root 11241100x80000000000000001740150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace241efcaae95e32022-02-14 08:43:49.431root 11241100x80000000000000001740151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fdb07e017bade12022-02-14 08:43:49.431root 11241100x80000000000000001740152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb91463e2105ff492022-02-14 08:43:49.431root 11241100x80000000000000001740153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed58a0bc750bfb3c2022-02-14 08:43:49.431root 11241100x80000000000000001740154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa717094e1f5db72022-02-14 08:43:49.432root 11241100x80000000000000001740155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cfa0fcd8136a782022-02-14 08:43:49.432root 11241100x80000000000000001740156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6679538df6ef7f602022-02-14 08:43:49.432root 11241100x80000000000000001740157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb4432d49c026292022-02-14 08:43:49.432root 11241100x80000000000000001740158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecb19ac338534602022-02-14 08:43:49.432root 11241100x80000000000000001740159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1747aa9c7ed25fea2022-02-14 08:43:49.432root 11241100x80000000000000001740160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78edabb41b357db32022-02-14 08:43:49.432root 11241100x80000000000000001740161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ab8b5916a42b332022-02-14 08:43:49.432root 11241100x80000000000000001740162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbafede81d1443112022-02-14 08:43:49.432root 11241100x80000000000000001740163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7330afa139bd38972022-02-14 08:43:49.433root 11241100x80000000000000001740164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e92d7b9b01e424d2022-02-14 08:43:49.433root 11241100x80000000000000001740165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77535152bd8946df2022-02-14 08:43:49.433root 11241100x80000000000000001740166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6f8b8c11eb81c32022-02-14 08:43:49.434root 11241100x80000000000000001740167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b723d0003cf56c6f2022-02-14 08:43:49.434root 11241100x80000000000000001740168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b283d131f6473532022-02-14 08:43:49.434root 11241100x80000000000000001740169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a305b1287bfbd82022-02-14 08:43:49.434root 11241100x80000000000000001740170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdb026b623bfbbf2022-02-14 08:43:49.434root 11241100x80000000000000001740171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1915e0e2aa9f3082022-02-14 08:43:49.434root 11241100x80000000000000001740172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57decdca63be87082022-02-14 08:43:49.434root 11241100x80000000000000001740173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a80023ccbfc7e442022-02-14 08:43:49.434root 11241100x80000000000000001740174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a804a11266d29d7a2022-02-14 08:43:49.434root 11241100x80000000000000001740175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749400b963ba7bb72022-02-14 08:43:49.930root 11241100x80000000000000001740176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6338b2e3e7e3cfcb2022-02-14 08:43:49.930root 11241100x80000000000000001740177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d084ec02de3cf2de2022-02-14 08:43:49.930root 11241100x80000000000000001740178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545175c4efe0cf432022-02-14 08:43:49.930root 11241100x80000000000000001740179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dd5d52573f3f042022-02-14 08:43:49.930root 11241100x80000000000000001740180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85545247278fbe2f2022-02-14 08:43:49.930root 11241100x80000000000000001740181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4026dfe9a3b53f32022-02-14 08:43:49.930root 11241100x80000000000000001740182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d583dc7930ac412022-02-14 08:43:49.931root 11241100x80000000000000001740183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ced08f89115f602022-02-14 08:43:49.931root 11241100x80000000000000001740184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb7b0f9622f0fac2022-02-14 08:43:49.931root 11241100x80000000000000001740185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8fd2d117c5993a2022-02-14 08:43:49.931root 11241100x80000000000000001740186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701b094faa584d222022-02-14 08:43:49.931root 11241100x80000000000000001740187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e170f36aef4826582022-02-14 08:43:49.931root 11241100x80000000000000001740188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1088ac7a35610d5c2022-02-14 08:43:49.931root 11241100x80000000000000001740189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd974e70a307f79a2022-02-14 08:43:49.931root 11241100x80000000000000001740190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7299a3cba48b9f72022-02-14 08:43:49.932root 11241100x80000000000000001740191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3752a8292ad8f72022-02-14 08:43:49.932root 11241100x80000000000000001740192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca7e59cd6bfe5442022-02-14 08:43:49.932root 11241100x80000000000000001740193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d001de1ec72b4852022-02-14 08:43:49.932root 11241100x80000000000000001740194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291a8e45cd3bb4d72022-02-14 08:43:49.932root 11241100x80000000000000001740195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3b4b48a9a9a1152022-02-14 08:43:49.932root 11241100x80000000000000001740196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5de65145c670d612022-02-14 08:43:49.933root 11241100x80000000000000001740197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2952e7e6758825252022-02-14 08:43:49.933root 11241100x80000000000000001740198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599da40443fdc3e12022-02-14 08:43:49.933root 11241100x80000000000000001740199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf7f960465dba602022-02-14 08:43:49.933root 11241100x80000000000000001740200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5baef62937a0ce9e2022-02-14 08:43:49.933root 11241100x80000000000000001740201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597c4cc7eb0a982c2022-02-14 08:43:49.933root 11241100x80000000000000001740202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ded618000be659c2022-02-14 08:43:49.933root 11241100x80000000000000001740203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291a64dfcf2fb0ec2022-02-14 08:43:49.933root 11241100x80000000000000001740204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830b5ee822195fcf2022-02-14 08:43:49.934root 11241100x80000000000000001740205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f62be20b147dc32022-02-14 08:43:49.934root 11241100x80000000000000001740206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90af981cf80d790e2022-02-14 08:43:49.934root 11241100x80000000000000001740207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:49.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5278272f5af8cb172022-02-14 08:43:49.934root 11241100x80000000000000001740208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daeecd1d9d450eb2022-02-14 08:43:50.430root 11241100x80000000000000001740209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d29972b1eaa88192022-02-14 08:43:50.430root 11241100x80000000000000001740210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae24f4ca5a3528212022-02-14 08:43:50.430root 11241100x80000000000000001740211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505fccf2648afd412022-02-14 08:43:50.430root 11241100x80000000000000001740212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051a9af376f6c08d2022-02-14 08:43:50.430root 11241100x80000000000000001740213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95525d56fc88fe22022-02-14 08:43:50.430root 11241100x80000000000000001740214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cb5b3820a7cd862022-02-14 08:43:50.430root 11241100x80000000000000001740215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bdd6ed3da6a87a2022-02-14 08:43:50.431root 11241100x80000000000000001740216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1470f4dd49235772022-02-14 08:43:50.431root 11241100x80000000000000001740217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f09a7312eb3eef12022-02-14 08:43:50.431root 11241100x80000000000000001740218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6fc25578be3c622022-02-14 08:43:50.431root 11241100x80000000000000001740219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3f1777dc3656422022-02-14 08:43:50.431root 11241100x80000000000000001740220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3955110d7032ec2022-02-14 08:43:50.431root 11241100x80000000000000001740221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafe641ce548f8472022-02-14 08:43:50.431root 11241100x80000000000000001740222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cced65b0309fbf1e2022-02-14 08:43:50.431root 11241100x80000000000000001740223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7654a92f9668f22022-02-14 08:43:50.431root 11241100x80000000000000001740224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b6a320e67e1cc32022-02-14 08:43:50.431root 11241100x80000000000000001740225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ff58ce3b06a2582022-02-14 08:43:50.432root 11241100x80000000000000001740226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7965e720888903202022-02-14 08:43:50.432root 11241100x80000000000000001740227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44a74cffe7124ba2022-02-14 08:43:50.432root 11241100x80000000000000001740228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e174bf7d807bd5142022-02-14 08:43:50.432root 11241100x80000000000000001740229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f01be59b34e36eb2022-02-14 08:43:50.432root 11241100x80000000000000001740230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d925983e3db7c152022-02-14 08:43:50.432root 11241100x80000000000000001740231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df63750c54c07a92022-02-14 08:43:50.432root 11241100x80000000000000001740232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e280a17c3b66e62022-02-14 08:43:50.432root 11241100x80000000000000001740233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1ad9e23334619a2022-02-14 08:43:50.432root 11241100x80000000000000001740234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584216e612611eed2022-02-14 08:43:50.432root 11241100x80000000000000001740235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f0784b7522f0022022-02-14 08:43:50.432root 11241100x80000000000000001740236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e5417a1622813f2022-02-14 08:43:50.433root 11241100x80000000000000001740237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48cd4cee065bf182022-02-14 08:43:50.433root 11241100x80000000000000001740238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09df4964fe94bed72022-02-14 08:43:50.433root 11241100x80000000000000001740239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39f344368b25f402022-02-14 08:43:50.433root 11241100x80000000000000001740240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7893c592e86e3c7c2022-02-14 08:43:50.434root 11241100x80000000000000001740241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e847a837181837d62022-02-14 08:43:50.434root 11241100x80000000000000001740242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ac3def93e617022022-02-14 08:43:50.434root 11241100x80000000000000001740243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704a03128561b7212022-02-14 08:43:50.434root 11241100x80000000000000001740244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcafbb0ccb34c942022-02-14 08:43:50.434root 11241100x80000000000000001740245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4969769d19de8cbc2022-02-14 08:43:50.434root 11241100x80000000000000001740246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7716fca016a91e9f2022-02-14 08:43:50.434root 11241100x80000000000000001740247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55839aedc031ea62022-02-14 08:43:50.434root 11241100x80000000000000001740248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeddb0a4d1f6fe372022-02-14 08:43:50.435root 11241100x80000000000000001740249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5487dc41983096842022-02-14 08:43:50.435root 11241100x80000000000000001740250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ec1145184460282022-02-14 08:43:50.930root 11241100x80000000000000001740251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e431b78ac65a7daa2022-02-14 08:43:50.930root 11241100x80000000000000001740252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75ee512c13d419d2022-02-14 08:43:50.930root 11241100x80000000000000001740253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48548b6fcd32837b2022-02-14 08:43:50.930root 11241100x80000000000000001740254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfc54aa181c9f9f2022-02-14 08:43:50.931root 11241100x80000000000000001740255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01af2776972f37d82022-02-14 08:43:50.931root 11241100x80000000000000001740256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973e8941ae23b4b82022-02-14 08:43:50.931root 11241100x80000000000000001740257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e215fce789bc8a2022-02-14 08:43:50.931root 11241100x80000000000000001740258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df3c392351d7a532022-02-14 08:43:50.931root 11241100x80000000000000001740259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0507024f5d31e12022-02-14 08:43:50.931root 11241100x80000000000000001740260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1fba42ca2a212b2022-02-14 08:43:50.931root 11241100x80000000000000001740261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e227e4bbf7b5fba2022-02-14 08:43:50.931root 11241100x80000000000000001740262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e616944f022c962022-02-14 08:43:50.932root 11241100x80000000000000001740263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea7b7b3223d95102022-02-14 08:43:50.932root 11241100x80000000000000001740264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709b49ff79df89ec2022-02-14 08:43:50.932root 11241100x80000000000000001740265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5059a296157b2542022-02-14 08:43:50.932root 11241100x80000000000000001740266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6e78791591d2ee2022-02-14 08:43:50.932root 11241100x80000000000000001740267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d000fa3e0d3e2d7e2022-02-14 08:43:50.932root 11241100x80000000000000001740268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d24f259d399c7112022-02-14 08:43:50.932root 11241100x80000000000000001740269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beaa65811c830aff2022-02-14 08:43:50.932root 11241100x80000000000000001740270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0f50edeb89c6302022-02-14 08:43:50.932root 11241100x80000000000000001740271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf23c5db86828af2022-02-14 08:43:50.932root 11241100x80000000000000001740272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879bfc74cde7dd0b2022-02-14 08:43:50.933root 11241100x80000000000000001740273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9252c0160a59d7e2022-02-14 08:43:50.933root 11241100x80000000000000001740274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f95ccbbbd65cb32022-02-14 08:43:50.933root 11241100x80000000000000001740275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9520049e91f955c2022-02-14 08:43:50.933root 11241100x80000000000000001740276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee49634ce4a73922022-02-14 08:43:50.933root 11241100x80000000000000001740277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5196183d11bb162022-02-14 08:43:50.933root 11241100x80000000000000001740278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba88f733b365b27d2022-02-14 08:43:50.933root 11241100x80000000000000001740279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c61667d00427bcc2022-02-14 08:43:50.934root 11241100x80000000000000001740280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf231cdbc3718da2022-02-14 08:43:50.936root 11241100x80000000000000001740281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9e9ba78a4de4022022-02-14 08:43:50.936root 11241100x80000000000000001740282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d09fa18f6e9d022022-02-14 08:43:50.936root 11241100x80000000000000001740283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f78656e594a41c72022-02-14 08:43:50.936root 11241100x80000000000000001740284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ba7eccf008f4b52022-02-14 08:43:50.936root 11241100x80000000000000001740285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2056efdec5ddc8c2022-02-14 08:43:50.936root 11241100x80000000000000001740286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:50.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12df71855a4879992022-02-14 08:43:50.936root 11241100x80000000000000001740287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a439839b19f2d42022-02-14 08:43:51.430root 11241100x80000000000000001740288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9469830e19dc9f3f2022-02-14 08:43:51.431root 11241100x80000000000000001740289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61daca62396aba72022-02-14 08:43:51.431root 11241100x80000000000000001740290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b48c5ab7faec062022-02-14 08:43:51.431root 11241100x80000000000000001740291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1aead996de0f412022-02-14 08:43:51.431root 11241100x80000000000000001740292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07077897b3b4b1672022-02-14 08:43:51.432root 11241100x80000000000000001740293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca36dff518ec7192022-02-14 08:43:51.432root 11241100x80000000000000001740294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68313d91cfd5f372022-02-14 08:43:51.432root 11241100x80000000000000001740295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d36d1d327a6cdf2022-02-14 08:43:51.432root 11241100x80000000000000001740296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529b4601ad513a6b2022-02-14 08:43:51.432root 11241100x80000000000000001740297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210d5d0fc0857d082022-02-14 08:43:51.432root 11241100x80000000000000001740298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b82f7a43828c702022-02-14 08:43:51.433root 11241100x80000000000000001740299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4e906886108dfa2022-02-14 08:43:51.433root 11241100x80000000000000001740300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3549a2a1d4393212022-02-14 08:43:51.433root 11241100x80000000000000001740301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b74011d4142a0912022-02-14 08:43:51.433root 11241100x80000000000000001740302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b309bf6c930dd5222022-02-14 08:43:51.433root 11241100x80000000000000001740303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0422e60c6c31c4ef2022-02-14 08:43:51.433root 11241100x80000000000000001740304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88b8293956d57a42022-02-14 08:43:51.433root 11241100x80000000000000001740305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4ac3d94f4330922022-02-14 08:43:51.433root 11241100x80000000000000001740306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90ac5859d8c5c1f2022-02-14 08:43:51.434root 11241100x80000000000000001740307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cbd053438f17072022-02-14 08:43:51.434root 11241100x80000000000000001740308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda5c3229905948d2022-02-14 08:43:51.434root 11241100x80000000000000001740309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117a4e7f8ea883e32022-02-14 08:43:51.434root 11241100x80000000000000001740310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25044669ee4c07b52022-02-14 08:43:51.434root 11241100x80000000000000001740311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c6abdda725965a2022-02-14 08:43:51.434root 11241100x80000000000000001740312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf38515232cfd572022-02-14 08:43:51.434root 11241100x80000000000000001740313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6690148fb7d4c72022-02-14 08:43:51.434root 11241100x80000000000000001740314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737864c9bc2565c82022-02-14 08:43:51.435root 11241100x80000000000000001740315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22eef9f54b50fd382022-02-14 08:43:51.435root 11241100x80000000000000001740316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df228432b3cf0fd2022-02-14 08:43:51.436root 11241100x80000000000000001740317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfaabf58dd506542022-02-14 08:43:51.436root 11241100x80000000000000001740318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a6239321678eb12022-02-14 08:43:51.437root 11241100x80000000000000001740319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7c46f21632d0822022-02-14 08:43:51.437root 11241100x80000000000000001740320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5a608bc47982ec2022-02-14 08:43:51.930root 11241100x80000000000000001740321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e4ff7dd4fb762f2022-02-14 08:43:51.931root 11241100x80000000000000001740322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed92da9c3a8ea502022-02-14 08:43:51.931root 11241100x80000000000000001740323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96671c957db6e3ed2022-02-14 08:43:51.931root 11241100x80000000000000001740324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820bdd89bcb83a1c2022-02-14 08:43:51.932root 11241100x80000000000000001740325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8e5de8a688c4f22022-02-14 08:43:51.932root 11241100x80000000000000001740326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b05cdc973aa23a2022-02-14 08:43:51.932root 11241100x80000000000000001740327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee833cbe52b4d22d2022-02-14 08:43:51.932root 11241100x80000000000000001740328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4d8847f9a7fab52022-02-14 08:43:51.933root 11241100x80000000000000001740329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a5df1bbf39fcd92022-02-14 08:43:51.933root 11241100x80000000000000001740330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ec056561fe0ceb2022-02-14 08:43:51.933root 11241100x80000000000000001740331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfa8367767fd7d32022-02-14 08:43:51.934root 11241100x80000000000000001740332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ad1e232d334b842022-02-14 08:43:51.934root 11241100x80000000000000001740333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55379c48417df632022-02-14 08:43:51.934root 11241100x80000000000000001740334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845e3c54c229ba762022-02-14 08:43:51.934root 11241100x80000000000000001740335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593d238ce80e3a622022-02-14 08:43:51.935root 11241100x80000000000000001740336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eada0c8a45d7a8e32022-02-14 08:43:51.935root 11241100x80000000000000001740337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29950a4f51eae8ea2022-02-14 08:43:51.935root 11241100x80000000000000001740338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb57fc6ed76bd442022-02-14 08:43:51.935root 11241100x80000000000000001740339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4067fded9fae029d2022-02-14 08:43:51.935root 11241100x80000000000000001740340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e607ded51b3d052022-02-14 08:43:51.936root 11241100x80000000000000001740341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ded7098cf6dee772022-02-14 08:43:51.936root 11241100x80000000000000001740342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa807b070db126302022-02-14 08:43:51.936root 11241100x80000000000000001740343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f12e9601a2aac02022-02-14 08:43:51.936root 11241100x80000000000000001740344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d8f502f6089bcf2022-02-14 08:43:51.936root 11241100x80000000000000001740345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27e1947b908aede2022-02-14 08:43:51.937root 11241100x80000000000000001740346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ded083521e50f02022-02-14 08:43:51.937root 11241100x80000000000000001740347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d481ed8e7bfa2ac2022-02-14 08:43:51.937root 11241100x80000000000000001740348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017bcbb01a59aeef2022-02-14 08:43:51.937root 11241100x80000000000000001740349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a1feb91660b3052022-02-14 08:43:51.938root 11241100x80000000000000001740350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e2e28f44d173502022-02-14 08:43:51.938root 11241100x80000000000000001740351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e450bd96ee6cc1ad2022-02-14 08:43:51.938root 11241100x80000000000000001740352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:51.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3812a4433a673f02022-02-14 08:43:51.939root 11241100x80000000000000001740353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f5e895ccb139b02022-02-14 08:43:52.430root 11241100x80000000000000001740354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840537a10431e9682022-02-14 08:43:52.430root 11241100x80000000000000001740355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbfe65b042eae972022-02-14 08:43:52.431root 11241100x80000000000000001740356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5d25a2623d98c82022-02-14 08:43:52.431root 11241100x80000000000000001740357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfbe5e737d275242022-02-14 08:43:52.431root 11241100x80000000000000001740358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb813edea9624522022-02-14 08:43:52.431root 11241100x80000000000000001740359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a15130b1fc9d7772022-02-14 08:43:52.432root 11241100x80000000000000001740360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73332e51371b642c2022-02-14 08:43:52.432root 11241100x80000000000000001740361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97767db86afcc23d2022-02-14 08:43:52.432root 11241100x80000000000000001740362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f310a8abd41a752022-02-14 08:43:52.432root 11241100x80000000000000001740363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca45b4a9514d34f42022-02-14 08:43:52.432root 11241100x80000000000000001740364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1523442d2ac047be2022-02-14 08:43:52.432root 11241100x80000000000000001740365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef4b74b8c3d069a2022-02-14 08:43:52.433root 11241100x80000000000000001740366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4386b1cbb782652022-02-14 08:43:52.433root 11241100x80000000000000001740367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f403363d5552672022-02-14 08:43:52.433root 11241100x80000000000000001740368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3207b5291d7c892022-02-14 08:43:52.433root 11241100x80000000000000001740369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc0485455b7fdf82022-02-14 08:43:52.434root 11241100x80000000000000001740370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91221f9c0af72d32022-02-14 08:43:52.434root 11241100x80000000000000001740371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f429b70294f1e02022-02-14 08:43:52.434root 11241100x80000000000000001740372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9c9f2d562d10a52022-02-14 08:43:52.434root 11241100x80000000000000001740373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cfa64387d5cda42022-02-14 08:43:52.435root 11241100x80000000000000001740374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720c803ed976c8222022-02-14 08:43:52.435root 11241100x80000000000000001740375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0f1821ea4f0a542022-02-14 08:43:52.435root 11241100x80000000000000001740376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1bccf50c17f73d2022-02-14 08:43:52.435root 11241100x80000000000000001740377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff73e832271dc1402022-02-14 08:43:52.435root 11241100x80000000000000001740378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c742e0fe0e2d92942022-02-14 08:43:52.436root 11241100x80000000000000001740379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6438b184d1196e2022-02-14 08:43:52.436root 11241100x80000000000000001740380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2067cb78706199b02022-02-14 08:43:52.436root 11241100x80000000000000001740381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef493586c4ee22752022-02-14 08:43:52.436root 11241100x80000000000000001740382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3af72359c5af7c2022-02-14 08:43:52.436root 11241100x80000000000000001740383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b016514e0f86d2052022-02-14 08:43:52.437root 11241100x80000000000000001740384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f2f821b422214b2022-02-14 08:43:52.437root 11241100x80000000000000001740385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7480ae51a8f01ce02022-02-14 08:43:52.437root 11241100x80000000000000001740386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3395115cf3c16c622022-02-14 08:43:52.438root 11241100x80000000000000001740387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264b3ca16a7a95962022-02-14 08:43:52.930root 11241100x80000000000000001740388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d28b4421b546722022-02-14 08:43:52.930root 11241100x80000000000000001740389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c9ebfb3d6f03dc2022-02-14 08:43:52.930root 11241100x80000000000000001740390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4034c09039afde192022-02-14 08:43:52.930root 11241100x80000000000000001740391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfe39056b5548112022-02-14 08:43:52.931root 11241100x80000000000000001740392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa432902214d4d52022-02-14 08:43:52.931root 11241100x80000000000000001740393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0192a0354f88d9c42022-02-14 08:43:52.931root 11241100x80000000000000001740394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0eae78e2ea906bf2022-02-14 08:43:52.931root 11241100x80000000000000001740395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ea8b8d44e2308e2022-02-14 08:43:52.931root 11241100x80000000000000001740396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0609359c677b77aa2022-02-14 08:43:52.931root 11241100x80000000000000001740397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78cb61692ec5ef92022-02-14 08:43:52.932root 11241100x80000000000000001740398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219d19947c6ef36a2022-02-14 08:43:52.932root 11241100x80000000000000001740399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7728ab8f209857e92022-02-14 08:43:52.932root 11241100x80000000000000001740400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb7c1aad53291502022-02-14 08:43:52.932root 11241100x80000000000000001740401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff38d1bb2a7b2f342022-02-14 08:43:52.932root 11241100x80000000000000001740402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f40847859a847f2022-02-14 08:43:52.932root 11241100x80000000000000001740403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e7356010332a092022-02-14 08:43:52.933root 11241100x80000000000000001740404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e34403570cd2af2022-02-14 08:43:52.933root 11241100x80000000000000001740405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b0596b7821df142022-02-14 08:43:52.933root 11241100x80000000000000001740406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42191b4765ec7352022-02-14 08:43:52.934root 11241100x80000000000000001740407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c602b2e93ebb85cf2022-02-14 08:43:52.934root 11241100x80000000000000001740408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8f6e803c710f4d2022-02-14 08:43:52.934root 11241100x80000000000000001740409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0864106a035aa0eb2022-02-14 08:43:52.934root 11241100x80000000000000001740410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c95d6f203d354482022-02-14 08:43:52.934root 11241100x80000000000000001740411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3690d9c401169b192022-02-14 08:43:52.934root 11241100x80000000000000001740412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b000604458e8bc62022-02-14 08:43:52.934root 11241100x80000000000000001740413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12025e8a78fd47472022-02-14 08:43:52.934root 11241100x80000000000000001740414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104a5090ac6b8a182022-02-14 08:43:52.934root 11241100x80000000000000001740415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f86c01491400032022-02-14 08:43:52.935root 11241100x80000000000000001740416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9db52be380f10ce2022-02-14 08:43:52.935root 11241100x80000000000000001740417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a6b4e184a1b79d2022-02-14 08:43:52.935root 11241100x80000000000000001740418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e627e655b278e12022-02-14 08:43:52.935root 11241100x80000000000000001740419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605c1d91714cc8622022-02-14 08:43:52.935root 11241100x80000000000000001740420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9e19539ef1f7d42022-02-14 08:43:52.935root 11241100x80000000000000001740421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265be99ac1a316732022-02-14 08:43:52.935root 11241100x80000000000000001740422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efaedca00a535192022-02-14 08:43:52.935root 11241100x80000000000000001740423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1176b6e93ba4c42022-02-14 08:43:52.935root 11241100x80000000000000001740424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd4839170444fae2022-02-14 08:43:52.935root 11241100x80000000000000001740425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7167f8e0d9716c6a2022-02-14 08:43:52.935root 11241100x80000000000000001740426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94774beed2f874062022-02-14 08:43:52.935root 11241100x80000000000000001740427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1eef504485e2972022-02-14 08:43:52.935root 11241100x80000000000000001740428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403d30169b78b64e2022-02-14 08:43:52.936root 11241100x80000000000000001740429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c106d06dfe9d84ee2022-02-14 08:43:52.936root 11241100x80000000000000001740430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb101ca3b25dd23e2022-02-14 08:43:52.936root 11241100x80000000000000001740431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0accf18f5b3e3dea2022-02-14 08:43:52.936root 11241100x80000000000000001740432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2332d41c714698af2022-02-14 08:43:52.936root 11241100x80000000000000001740433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:52.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a752c713cb2a0702022-02-14 08:43:52.936root 11241100x80000000000000001740434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088600f405ca04622022-02-14 08:43:53.429root 11241100x80000000000000001740435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7e4c95352fac452022-02-14 08:43:53.430root 11241100x80000000000000001740436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a94784351c821d92022-02-14 08:43:53.430root 11241100x80000000000000001740437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2af9ab9126fa6b92022-02-14 08:43:53.430root 11241100x80000000000000001740438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63b16f2ee0b8c3f2022-02-14 08:43:53.430root 11241100x80000000000000001740439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096481b6cf313d692022-02-14 08:43:53.430root 11241100x80000000000000001740440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0212f7069f8fca6e2022-02-14 08:43:53.430root 11241100x80000000000000001740441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f496b46f6719dd242022-02-14 08:43:53.430root 11241100x80000000000000001740442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1286c2be32a97c712022-02-14 08:43:53.430root 11241100x80000000000000001740443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d88ce4629e705e2022-02-14 08:43:53.430root 11241100x80000000000000001740444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c86328387e607502022-02-14 08:43:53.430root 11241100x80000000000000001740445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfb411231c2ec392022-02-14 08:43:53.430root 11241100x80000000000000001740446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1e3fa9c73fac692022-02-14 08:43:53.430root 11241100x80000000000000001740447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1693d7cb2f2cfe2022-02-14 08:43:53.431root 11241100x80000000000000001740448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591c6972661c77b92022-02-14 08:43:53.431root 11241100x80000000000000001740449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4334684ad02260542022-02-14 08:43:53.431root 11241100x80000000000000001740450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a58d4b8539d1c212022-02-14 08:43:53.431root 11241100x80000000000000001740451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317e7a23becb7f6b2022-02-14 08:43:53.431root 11241100x80000000000000001740452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3688a7ad6b10c22022-02-14 08:43:53.431root 11241100x80000000000000001740453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d07718ce56ec1422022-02-14 08:43:53.431root 11241100x80000000000000001740454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f5c611261994422022-02-14 08:43:53.431root 11241100x80000000000000001740455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b55120c4b190fa2022-02-14 08:43:53.431root 11241100x80000000000000001740456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d278dcca04d34c2022-02-14 08:43:53.431root 11241100x80000000000000001740457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a577731989514082022-02-14 08:43:53.431root 11241100x80000000000000001740458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7947d1cfee406922022-02-14 08:43:53.431root 11241100x80000000000000001740459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b5b205fa2268e52022-02-14 08:43:53.432root 11241100x80000000000000001740460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58efe43c922edcca2022-02-14 08:43:53.432root 11241100x80000000000000001740461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430355a6112bd9c52022-02-14 08:43:53.432root 11241100x80000000000000001740462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31dd8f23dc96d872022-02-14 08:43:53.432root 11241100x80000000000000001740463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f729078187fc4a2022-02-14 08:43:53.432root 11241100x80000000000000001740464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba8ac4398226c3e2022-02-14 08:43:53.432root 11241100x80000000000000001740465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee2199f7770a52d2022-02-14 08:43:53.432root 11241100x80000000000000001740466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbbf5657b9de7982022-02-14 08:43:53.432root 11241100x80000000000000001740467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2fa8acb035b41c2022-02-14 08:43:53.432root 11241100x80000000000000001740468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cff2aacfc05c2f2022-02-14 08:43:53.432root 11241100x80000000000000001740469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6728f89e136ce2532022-02-14 08:43:53.432root 11241100x80000000000000001740470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ffa02a265c43692022-02-14 08:43:53.433root 11241100x80000000000000001740471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbba21c2a3029e72022-02-14 08:43:53.433root 11241100x80000000000000001740472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c17c06a5a42149d2022-02-14 08:43:53.433root 11241100x80000000000000001740473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6abc3a88ec4083f2022-02-14 08:43:53.433root 11241100x80000000000000001740474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6c65c35dc379492022-02-14 08:43:53.433root 11241100x80000000000000001740475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a25737b0912d132022-02-14 08:43:53.433root 11241100x80000000000000001740476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cb735b802ebfcb2022-02-14 08:43:53.433root 11241100x80000000000000001740477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad2ea8931deb9d72022-02-14 08:43:53.433root 11241100x80000000000000001740478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668d63a606acab0f2022-02-14 08:43:53.433root 11241100x80000000000000001740479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41623c53d48d519f2022-02-14 08:43:53.437root 11241100x80000000000000001740480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d60c3838941df92022-02-14 08:43:53.437root 11241100x80000000000000001740481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa764935d240dbe32022-02-14 08:43:53.437root 11241100x80000000000000001740482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52fbacd4f3804052022-02-14 08:43:53.437root 11241100x80000000000000001740483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd284a22d442b642022-02-14 08:43:53.438root 11241100x80000000000000001740484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d6d4ebf30a9e732022-02-14 08:43:53.439root 11241100x80000000000000001740485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ba62c0d6cc57cb2022-02-14 08:43:53.439root 11241100x80000000000000001740486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc67f5514f86d23f2022-02-14 08:43:53.439root 11241100x80000000000000001740487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8309048ce6cd222022-02-14 08:43:53.439root 11241100x80000000000000001740488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fcd5cd451a77842022-02-14 08:43:53.439root 11241100x80000000000000001740489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103ed87bdbc08c152022-02-14 08:43:53.439root 11241100x80000000000000001740490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d965ef819a8f15f12022-02-14 08:43:53.439root 11241100x80000000000000001740491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b6fb3e430c84132022-02-14 08:43:53.439root 11241100x80000000000000001740492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fbb545be5596ec2022-02-14 08:43:53.442root 11241100x80000000000000001740493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66523ef3f9517aae2022-02-14 08:43:53.442root 11241100x80000000000000001740494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c14ec7ab318d0c52022-02-14 08:43:53.442root 11241100x80000000000000001740495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c0946f88759c452022-02-14 08:43:53.442root 11241100x80000000000000001740496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f009b0bee2c651882022-02-14 08:43:53.443root 11241100x80000000000000001740497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416cf245d53265bf2022-02-14 08:43:53.443root 11241100x80000000000000001740498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2ce6e7400c84152022-02-14 08:43:53.443root 11241100x80000000000000001740499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51118174c54725662022-02-14 08:43:53.443root 11241100x80000000000000001740500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624a72fc894dc11f2022-02-14 08:43:53.443root 11241100x80000000000000001740501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2444b1ac68df810d2022-02-14 08:43:53.443root 11241100x80000000000000001740502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed71cd3feb85e262022-02-14 08:43:53.443root 11241100x80000000000000001740503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfac71df23143632022-02-14 08:43:53.443root 11241100x80000000000000001740504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.444{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c787aa22af7570a2022-02-14 08:43:53.444root 11241100x80000000000000001740505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0beb70790bfc0e42022-02-14 08:43:53.445root 11241100x80000000000000001740506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61eadbadeaaff7682022-02-14 08:43:53.445root 11241100x80000000000000001740507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef49d06a2647f9392022-02-14 08:43:53.445root 11241100x80000000000000001740508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59b037da17dcc592022-02-14 08:43:53.445root 11241100x80000000000000001740509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838a6c58b96f97d02022-02-14 08:43:53.445root 11241100x80000000000000001740510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998a31a4f598d3c72022-02-14 08:43:53.445root 11241100x80000000000000001740511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d8a99c1ec6e0d02022-02-14 08:43:53.445root 11241100x80000000000000001740512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8409a5a8cf51c82022-02-14 08:43:53.445root 11241100x80000000000000001740513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.447{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019b312bd6851b212022-02-14 08:43:53.447root 11241100x80000000000000001740514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.447{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f196f5af026894d2022-02-14 08:43:53.447root 11241100x80000000000000001740515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.447{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747e2f763a5ccbb02022-02-14 08:43:53.447root 11241100x80000000000000001740516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7e032c30285f4e2022-02-14 08:43:53.930root 11241100x80000000000000001740517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f21e5dd3b17739e2022-02-14 08:43:53.930root 11241100x80000000000000001740518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9378505c52313cfd2022-02-14 08:43:53.930root 11241100x80000000000000001740519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ee3340d2eddb5d2022-02-14 08:43:53.930root 11241100x80000000000000001740520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbe236d3fac06d72022-02-14 08:43:53.931root 11241100x80000000000000001740521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bef4f51e9362b6d2022-02-14 08:43:53.931root 11241100x80000000000000001740522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5311faadd7266bc32022-02-14 08:43:53.931root 11241100x80000000000000001740523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f471f7dcb1e290c2022-02-14 08:43:53.931root 11241100x80000000000000001740524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e086006612d50a2022-02-14 08:43:53.931root 11241100x80000000000000001740525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffa678df23096be2022-02-14 08:43:53.931root 11241100x80000000000000001740526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb769488e9169722022-02-14 08:43:53.931root 11241100x80000000000000001740527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ef80f303e6dd3e2022-02-14 08:43:53.931root 11241100x80000000000000001740528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74689b634e86dd962022-02-14 08:43:53.932root 11241100x80000000000000001740529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be194fde5e2c94d92022-02-14 08:43:53.932root 11241100x80000000000000001740530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146a77c1cdfa2c0c2022-02-14 08:43:53.932root 11241100x80000000000000001740531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f692d2c0dc3b304f2022-02-14 08:43:53.932root 11241100x80000000000000001740532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8dfc5bf35a5c182022-02-14 08:43:53.932root 11241100x80000000000000001740533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1cd76e090606db2022-02-14 08:43:53.932root 11241100x80000000000000001740534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7601054dc58c7a9b2022-02-14 08:43:53.932root 11241100x80000000000000001740535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438f3ed0a4b675762022-02-14 08:43:53.932root 11241100x80000000000000001740536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f13aadff639f7b2022-02-14 08:43:53.932root 11241100x80000000000000001740537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3391a570dd3626692022-02-14 08:43:53.932root 11241100x80000000000000001740538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0b7274b4d02ffe2022-02-14 08:43:53.932root 11241100x80000000000000001740539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de6bceabeb94eab2022-02-14 08:43:53.933root 11241100x80000000000000001740540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93c4adea5a0ecda2022-02-14 08:43:53.933root 11241100x80000000000000001740541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa2f38ccb6aa54e2022-02-14 08:43:53.933root 11241100x80000000000000001740542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86e35e1e94b173e2022-02-14 08:43:53.933root 11241100x80000000000000001740543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fe119351ffd7872022-02-14 08:43:53.933root 11241100x80000000000000001740544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db511be759756d1a2022-02-14 08:43:53.933root 11241100x80000000000000001740545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbb8758842749e22022-02-14 08:43:53.933root 11241100x80000000000000001740546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471f6a0a63c955462022-02-14 08:43:53.933root 11241100x80000000000000001740547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bf474e6f3e61c82022-02-14 08:43:53.933root 11241100x80000000000000001740548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a320e5e2cd531d982022-02-14 08:43:53.933root 11241100x80000000000000001740549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3b18267f8b9fcf2022-02-14 08:43:53.934root 11241100x80000000000000001740550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2401e64fdf757b122022-02-14 08:43:53.934root 11241100x80000000000000001740551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:53.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00d9dac214c03712022-02-14 08:43:53.934root 354300x80000000000000001740552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.234{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51474-false10.0.1.12-8000- 11241100x80000000000000001740553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.235{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0599b26df635a8b22022-02-14 08:43:54.235root 11241100x80000000000000001740554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.235{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153dd099bcfbf5ae2022-02-14 08:43:54.235root 11241100x80000000000000001740555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.235{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f932dbc8bcb3b1b32022-02-14 08:43:54.235root 11241100x80000000000000001740556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.235{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba5892c920530aa2022-02-14 08:43:54.235root 11241100x80000000000000001740557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1767cde0b1fa105a2022-02-14 08:43:54.236root 11241100x80000000000000001740558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4093e14f531562512022-02-14 08:43:54.236root 11241100x80000000000000001740559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eb5e5f4b93b9f02022-02-14 08:43:54.236root 11241100x80000000000000001740560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb151eaf28f4f302022-02-14 08:43:54.236root 11241100x80000000000000001740561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948f11879d1e39242022-02-14 08:43:54.236root 11241100x80000000000000001740562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a692c4c7bc56f5162022-02-14 08:43:54.236root 11241100x80000000000000001740563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d167e68506d49c142022-02-14 08:43:54.236root 11241100x80000000000000001740564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1edad7484d46ca32022-02-14 08:43:54.236root 11241100x80000000000000001740565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a30693c3da02ec82022-02-14 08:43:54.236root 11241100x80000000000000001740566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cd06c4bc9c15292022-02-14 08:43:54.236root 11241100x80000000000000001740567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.236{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fe05dfe2e701c12022-02-14 08:43:54.236root 11241100x80000000000000001740568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4046ef011be7cdea2022-02-14 08:43:54.237root 11241100x80000000000000001740569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d31e8877b9cbf972022-02-14 08:43:54.237root 11241100x80000000000000001740570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71724c5f1ef18fc32022-02-14 08:43:54.237root 11241100x80000000000000001740571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19158464cc740c82022-02-14 08:43:54.237root 11241100x80000000000000001740572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebf5eed14d46e402022-02-14 08:43:54.237root 11241100x80000000000000001740573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f6005a284332e12022-02-14 08:43:54.237root 11241100x80000000000000001740574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2559e29e048fcb842022-02-14 08:43:54.237root 11241100x80000000000000001740575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e319f646d4070d2022-02-14 08:43:54.237root 11241100x80000000000000001740576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.237{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7de7919b84953e02022-02-14 08:43:54.237root 11241100x80000000000000001740577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.238{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022e4d6b6aa088432022-02-14 08:43:54.238root 11241100x80000000000000001740578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.238{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c04d78f0f7028a2022-02-14 08:43:54.238root 11241100x80000000000000001740579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.238{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede9808359be4f2f2022-02-14 08:43:54.238root 11241100x80000000000000001740580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.238{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a670683e193084522022-02-14 08:43:54.238root 11241100x80000000000000001740581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.239{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5694e84be7ab6552022-02-14 08:43:54.239root 11241100x80000000000000001740582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.241{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af381a6f0aeec702022-02-14 08:43:54.241root 11241100x80000000000000001740583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.241{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9827bbaa3253a1f02022-02-14 08:43:54.241root 11241100x80000000000000001740584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.241{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edea21d963d0a7be2022-02-14 08:43:54.241root 11241100x80000000000000001740585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.242{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84d6c4e60b40ffe2022-02-14 08:43:54.242root 11241100x80000000000000001740586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.242{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7f5404c32b80e42022-02-14 08:43:54.242root 11241100x80000000000000001740587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.242{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82ce6de3af614cc2022-02-14 08:43:54.242root 11241100x80000000000000001740588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.242{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d40d2adf7926a462022-02-14 08:43:54.242root 11241100x80000000000000001740589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.242{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e01614a95c18a8c2022-02-14 08:43:54.242root 11241100x80000000000000001740590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.242{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19c0a912acf91ba2022-02-14 08:43:54.242root 11241100x80000000000000001740591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3706c03ee954c8de2022-02-14 08:43:54.243root 11241100x80000000000000001740592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bb687fb9a3b3ad2022-02-14 08:43:54.243root 11241100x80000000000000001740593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfd7161b887d9d02022-02-14 08:43:54.243root 11241100x80000000000000001740594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f027c581680525882022-02-14 08:43:54.243root 11241100x80000000000000001740595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d690e2be9c5a62a52022-02-14 08:43:54.243root 11241100x80000000000000001740596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e09fcf3a61f7f62022-02-14 08:43:54.243root 11241100x80000000000000001740597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0599b7d3fc126df02022-02-14 08:43:54.243root 11241100x80000000000000001740598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5882ea583b62b0942022-02-14 08:43:54.243root 11241100x80000000000000001740599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f80149ae1dd13ee2022-02-14 08:43:54.243root 11241100x80000000000000001740600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.243{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9852c6a692eeb0f2022-02-14 08:43:54.243root 11241100x80000000000000001740601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.244{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666e07c69eac2a7a2022-02-14 08:43:54.244root 11241100x80000000000000001740602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.244{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9c6cca53c98f992022-02-14 08:43:54.244root 11241100x80000000000000001740603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.244{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389d6e4b8d0336532022-02-14 08:43:54.244root 11241100x80000000000000001740604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.244{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f510fafc4f4b942022-02-14 08:43:54.244root 11241100x80000000000000001740605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.244{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8a54de205508ff2022-02-14 08:43:54.244root 11241100x80000000000000001740606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.244{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd17a2f6180c88c2022-02-14 08:43:54.244root 11241100x80000000000000001740607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.244{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e520829b01a409d2022-02-14 08:43:54.244root 11241100x80000000000000001740608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.245{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe73ac16ea671c9b2022-02-14 08:43:54.245root 11241100x80000000000000001740609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.245{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c83d09762179c6b2022-02-14 08:43:54.245root 11241100x80000000000000001740610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.245{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9305434f4ac0fa592022-02-14 08:43:54.245root 11241100x80000000000000001740611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.245{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2097133cc850032022-02-14 08:43:54.245root 11241100x80000000000000001740612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.245{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c0c97957f9990d2022-02-14 08:43:54.245root 11241100x80000000000000001740613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.246{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be6f6271a969f512022-02-14 08:43:54.246root 11241100x80000000000000001740614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5c4fd52e352ab52022-02-14 08:43:54.680root 11241100x80000000000000001740615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b109eadb006338622022-02-14 08:43:54.680root 11241100x80000000000000001740616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188483a19c0290302022-02-14 08:43:54.680root 11241100x80000000000000001740617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a964e2059199b9742022-02-14 08:43:54.681root 11241100x80000000000000001740618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124d59b4f987ad072022-02-14 08:43:54.681root 11241100x80000000000000001740619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceddc591a587be422022-02-14 08:43:54.681root 11241100x80000000000000001740620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e0dea28db5c3462022-02-14 08:43:54.681root 11241100x80000000000000001740621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c08e6d172a5fa962022-02-14 08:43:54.682root 11241100x80000000000000001740622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3bb4559d648c972022-02-14 08:43:54.682root 11241100x80000000000000001740623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d397da6e1e4aec82022-02-14 08:43:54.682root 11241100x80000000000000001740624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ed66a5207580802022-02-14 08:43:54.682root 11241100x80000000000000001740625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28125a650274c0a22022-02-14 08:43:54.682root 11241100x80000000000000001740626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e72dc942038a982022-02-14 08:43:54.682root 11241100x80000000000000001740627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecde26778e582232022-02-14 08:43:54.683root 11241100x80000000000000001740628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9666d6d869c3a3212022-02-14 08:43:54.683root 11241100x80000000000000001740629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2651144b7eb4f12022-02-14 08:43:54.683root 11241100x80000000000000001740630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888079a53df3cde32022-02-14 08:43:54.683root 11241100x80000000000000001740631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92705b4563d4c50b2022-02-14 08:43:54.683root 11241100x80000000000000001740632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1469af0008e7debe2022-02-14 08:43:54.685root 11241100x80000000000000001740633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9dd27a3541a6372022-02-14 08:43:54.686root 11241100x80000000000000001740634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989645b99bb025122022-02-14 08:43:54.686root 11241100x80000000000000001740635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd937aca8c16f552022-02-14 08:43:54.686root 11241100x80000000000000001740636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c012a34195a98c9c2022-02-14 08:43:54.686root 11241100x80000000000000001740637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28aba608d72f727c2022-02-14 08:43:54.686root 11241100x80000000000000001740638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb173c52c63b17d2022-02-14 08:43:54.686root 11241100x80000000000000001740639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdebae60029a1872022-02-14 08:43:54.686root 11241100x80000000000000001740640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5def5592a8649402022-02-14 08:43:54.686root 11241100x80000000000000001740641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a0a5ef04a85b542022-02-14 08:43:54.686root 11241100x80000000000000001740642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3967da6f57daff492022-02-14 08:43:54.687root 11241100x80000000000000001740643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21b74a255e1253f2022-02-14 08:43:54.687root 11241100x80000000000000001740644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fa957a1b492c9c2022-02-14 08:43:54.687root 11241100x80000000000000001740645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6918d52e390dad92022-02-14 08:43:54.687root 11241100x80000000000000001740646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689d67b666f6bf702022-02-14 08:43:54.687root 11241100x80000000000000001740647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15c4a963d466ffb2022-02-14 08:43:54.687root 11241100x80000000000000001740648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d165f398887891f62022-02-14 08:43:54.687root 11241100x80000000000000001740649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0c5e954cdb48ea2022-02-14 08:43:54.687root 11241100x80000000000000001740650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fa033afb7356ca2022-02-14 08:43:54.687root 11241100x80000000000000001740651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:54.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b5eb02a488fab52022-02-14 08:43:54.687root 11241100x80000000000000001740652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00cf1292fa9746b2022-02-14 08:43:55.180root 11241100x80000000000000001740653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7639aefecc6d8a62022-02-14 08:43:55.181root 11241100x80000000000000001740654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43a454f18a0b8ff2022-02-14 08:43:55.181root 11241100x80000000000000001740655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a49e07880d96422022-02-14 08:43:55.181root 11241100x80000000000000001740656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5495ff90f181ea42022-02-14 08:43:55.181root 11241100x80000000000000001740657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906908e1809b2fa92022-02-14 08:43:55.181root 11241100x80000000000000001740658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1902201eddf0352022-02-14 08:43:55.181root 11241100x80000000000000001740659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0041fc0c84641872022-02-14 08:43:55.182root 11241100x80000000000000001740660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a538548d9939972022-02-14 08:43:55.182root 11241100x80000000000000001740661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ffe18daf0c774d2022-02-14 08:43:55.182root 11241100x80000000000000001740662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fa4f1fcc9abefb2022-02-14 08:43:55.182root 11241100x80000000000000001740663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e34d04d58ad3b712022-02-14 08:43:55.182root 11241100x80000000000000001740664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bad9ed5daefed22022-02-14 08:43:55.183root 11241100x80000000000000001740665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387ac2ec88f5222f2022-02-14 08:43:55.183root 11241100x80000000000000001740666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc919d5dd785418f2022-02-14 08:43:55.183root 11241100x80000000000000001740667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4de6049dcbbc0f2022-02-14 08:43:55.183root 11241100x80000000000000001740668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141aee06695c06b32022-02-14 08:43:55.183root 11241100x80000000000000001740669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74879e52e093a8b2022-02-14 08:43:55.183root 11241100x80000000000000001740670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1343c5ff8c15f1472022-02-14 08:43:55.183root 11241100x80000000000000001740671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c03d873d5f7dc72022-02-14 08:43:55.183root 11241100x80000000000000001740672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4045521df90401002022-02-14 08:43:55.183root 11241100x80000000000000001740673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b409720ccd72f4f2022-02-14 08:43:55.183root 11241100x80000000000000001740674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640687e27c0ffc852022-02-14 08:43:55.183root 11241100x80000000000000001740675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77267ea1427caf72022-02-14 08:43:55.184root 11241100x80000000000000001740676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112d8efce36d49d42022-02-14 08:43:55.184root 11241100x80000000000000001740677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc821256906c12772022-02-14 08:43:55.184root 11241100x80000000000000001740678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8fcd7b8297789e2022-02-14 08:43:55.184root 11241100x80000000000000001740679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00c6f372c115d822022-02-14 08:43:55.184root 11241100x80000000000000001740680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cee6b49515f5daf2022-02-14 08:43:55.184root 11241100x80000000000000001740681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0260edf3672657722022-02-14 08:43:55.184root 11241100x80000000000000001740682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b008fb59b1ef307e2022-02-14 08:43:55.184root 11241100x80000000000000001740683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7778ca8023b2cf7b2022-02-14 08:43:55.185root 11241100x80000000000000001740684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6ba6c1a43f328e2022-02-14 08:43:55.185root 11241100x80000000000000001740685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bde4cc701e4c9c2022-02-14 08:43:55.185root 11241100x80000000000000001740686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800b836a4608ca052022-02-14 08:43:55.680root 11241100x80000000000000001740687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649cb3c8423e261e2022-02-14 08:43:55.681root 11241100x80000000000000001740688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3090b9b1296aa22022-02-14 08:43:55.681root 11241100x80000000000000001740689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105423070991db012022-02-14 08:43:55.681root 11241100x80000000000000001740690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb7bca2f3d09e7a2022-02-14 08:43:55.682root 11241100x80000000000000001740691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb821ae593a88072022-02-14 08:43:55.682root 11241100x80000000000000001740692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f642551fcea007b2022-02-14 08:43:55.682root 11241100x80000000000000001740693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7c45cce3ba72102022-02-14 08:43:55.682root 11241100x80000000000000001740694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1da00893005cc7c2022-02-14 08:43:55.682root 11241100x80000000000000001740695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a2cec6cf05c3cc2022-02-14 08:43:55.682root 11241100x80000000000000001740696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041c14346b7e26f42022-02-14 08:43:55.682root 11241100x80000000000000001740697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eaed7afdace211d2022-02-14 08:43:55.682root 11241100x80000000000000001740698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17503868ef25b61a2022-02-14 08:43:55.682root 11241100x80000000000000001740699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09d8f85150b5d162022-02-14 08:43:55.683root 11241100x80000000000000001740700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25c593e8109eb932022-02-14 08:43:55.683root 11241100x80000000000000001740701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ed5c93bc9dbcbc2022-02-14 08:43:55.683root 11241100x80000000000000001740702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfec0669b679f1d2022-02-14 08:43:55.683root 11241100x80000000000000001740703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69319dc2ebf510c2022-02-14 08:43:55.683root 11241100x80000000000000001740704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c319844ff9d7ab452022-02-14 08:43:55.683root 11241100x80000000000000001740705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b7a56cc6175bce2022-02-14 08:43:55.683root 11241100x80000000000000001740706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0db2b18a07210b2022-02-14 08:43:55.683root 11241100x80000000000000001740707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07c060f4fd05d2a2022-02-14 08:43:55.683root 11241100x80000000000000001740708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5d2fb9f10aaa132022-02-14 08:43:55.683root 11241100x80000000000000001740709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051ca66fb86b84b92022-02-14 08:43:55.684root 11241100x80000000000000001740710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609dc01d62982cc82022-02-14 08:43:55.684root 11241100x80000000000000001740711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5f4175078930ed2022-02-14 08:43:55.684root 11241100x80000000000000001740712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397d2df773eae71d2022-02-14 08:43:55.684root 11241100x80000000000000001740713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ee597af3d592e12022-02-14 08:43:55.684root 11241100x80000000000000001740714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d5694cfe9191272022-02-14 08:43:55.684root 11241100x80000000000000001740715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec6e0c13edddfc32022-02-14 08:43:55.684root 11241100x80000000000000001740716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9679447ecc4917582022-02-14 08:43:55.684root 11241100x80000000000000001740717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cf1c6b5a14d9212022-02-14 08:43:55.684root 11241100x80000000000000001740718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96044d02d4ba7d42022-02-14 08:43:55.684root 11241100x80000000000000001740719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:55.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c505335d6108b192022-02-14 08:43:55.685root 11241100x80000000000000001740720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf26bd97d91a3ee2022-02-14 08:43:56.180root 11241100x80000000000000001740721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071d8fc03621ac412022-02-14 08:43:56.180root 11241100x80000000000000001740722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9ef4e885ecd2832022-02-14 08:43:56.180root 11241100x80000000000000001740723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fb0d52e699f7052022-02-14 08:43:56.180root 11241100x80000000000000001740724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68738234fcd47a42022-02-14 08:43:56.181root 11241100x80000000000000001740725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a99e28eae05a11d2022-02-14 08:43:56.181root 11241100x80000000000000001740726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f4d7894dd9de7d2022-02-14 08:43:56.181root 11241100x80000000000000001740727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e9e81dfcfba2c12022-02-14 08:43:56.181root 11241100x80000000000000001740728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f533dbba0349d702022-02-14 08:43:56.182root 11241100x80000000000000001740729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11edd7ec0a979c02022-02-14 08:43:56.182root 11241100x80000000000000001740730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0327b9c3d38475d12022-02-14 08:43:56.182root 11241100x80000000000000001740731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07af79a70b3777a52022-02-14 08:43:56.182root 11241100x80000000000000001740732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1e796d09b166ff2022-02-14 08:43:56.183root 11241100x80000000000000001740733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d7331c0e52f73b2022-02-14 08:43:56.183root 11241100x80000000000000001740734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303779c030a5fb572022-02-14 08:43:56.183root 11241100x80000000000000001740735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459754fcd7cc84782022-02-14 08:43:56.184root 11241100x80000000000000001740736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d874130d825380a2022-02-14 08:43:56.184root 11241100x80000000000000001740737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8140055603ffe03a2022-02-14 08:43:56.184root 11241100x80000000000000001740738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bc6be51c5805162022-02-14 08:43:56.184root 11241100x80000000000000001740739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b524b99527864892022-02-14 08:43:56.185root 11241100x80000000000000001740740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84c41258cf5e9a02022-02-14 08:43:56.185root 11241100x80000000000000001740741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2fe681fa28c43b2022-02-14 08:43:56.185root 11241100x80000000000000001740742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3192042bc909dfc2022-02-14 08:43:56.186root 11241100x80000000000000001740743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1690d7620296b7c12022-02-14 08:43:56.186root 11241100x80000000000000001740744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b814e807b5cf5b912022-02-14 08:43:56.186root 11241100x80000000000000001740745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dc6414645a6c282022-02-14 08:43:56.186root 11241100x80000000000000001740746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27b5a19264883562022-02-14 08:43:56.187root 11241100x80000000000000001740747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6981659d70bfe12022-02-14 08:43:56.187root 11241100x80000000000000001740748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f4bb68880f37342022-02-14 08:43:56.187root 11241100x80000000000000001740749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397b0bbae9d24b492022-02-14 08:43:56.187root 11241100x80000000000000001740750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b18219c3c45f9aa2022-02-14 08:43:56.188root 11241100x80000000000000001740751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683b368772a941002022-02-14 08:43:56.188root 11241100x80000000000000001740752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b56fc9220d52372022-02-14 08:43:56.188root 11241100x80000000000000001740753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7a0dfc2f4bddaf2022-02-14 08:43:56.188root 11241100x80000000000000001740754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb48bf47dda01b982022-02-14 08:43:56.189root 11241100x80000000000000001740755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccc3b01206523ed2022-02-14 08:43:56.189root 11241100x80000000000000001740756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34010a3fd87579632022-02-14 08:43:56.189root 11241100x80000000000000001740757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6dd3e15f46ce0e2022-02-14 08:43:56.190root 11241100x80000000000000001740758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3f3a6a2fb0a9712022-02-14 08:43:56.190root 11241100x80000000000000001740759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274c09aae18029332022-02-14 08:43:56.680root 11241100x80000000000000001740760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6eb73f05f324ca12022-02-14 08:43:56.680root 11241100x80000000000000001740761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ddaf61a6af654b2022-02-14 08:43:56.681root 11241100x80000000000000001740762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c83b7cc3fb18d5a2022-02-14 08:43:56.681root 11241100x80000000000000001740763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4ead1163d34d0c2022-02-14 08:43:56.681root 11241100x80000000000000001740764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d709a762fb0ec8512022-02-14 08:43:56.681root 11241100x80000000000000001740765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7dc8eb89e642102022-02-14 08:43:56.682root 11241100x80000000000000001740766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac128e68b1c6ad62022-02-14 08:43:56.682root 11241100x80000000000000001740767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46938855fe6102f22022-02-14 08:43:56.682root 11241100x80000000000000001740768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12630e4c18ad0df52022-02-14 08:43:56.682root 11241100x80000000000000001740769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3df35f9d73eb1572022-02-14 08:43:56.682root 11241100x80000000000000001740770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896b43aa3a0e6cba2022-02-14 08:43:56.682root 11241100x80000000000000001740771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111775e12f56760e2022-02-14 08:43:56.682root 11241100x80000000000000001740772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25742acd9cc57a8e2022-02-14 08:43:56.683root 11241100x80000000000000001740773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d0c940fde774f32022-02-14 08:43:56.683root 11241100x80000000000000001740774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da49b89e03bb3b4c2022-02-14 08:43:56.683root 11241100x80000000000000001740775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11564adcb8d05aa22022-02-14 08:43:56.683root 11241100x80000000000000001740776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4268454b36f6db0c2022-02-14 08:43:56.683root 11241100x80000000000000001740777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd1fe599172e0612022-02-14 08:43:56.683root 11241100x80000000000000001740778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d464caa6d5f5322022-02-14 08:43:56.683root 11241100x80000000000000001740779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f36e073026c2f282022-02-14 08:43:56.683root 11241100x80000000000000001740780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c97c41cf4d2955f2022-02-14 08:43:56.683root 11241100x80000000000000001740781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7b896b114425672022-02-14 08:43:56.683root 11241100x80000000000000001740782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b485d3465e24124a2022-02-14 08:43:56.684root 11241100x80000000000000001740783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b37508aaa3f2172022-02-14 08:43:56.684root 11241100x80000000000000001740784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6597558d9bf3b22022-02-14 08:43:56.684root 11241100x80000000000000001740785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab97476d5d1fe0ed2022-02-14 08:43:56.684root 11241100x80000000000000001740786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38aa00d6ff0e36c22022-02-14 08:43:56.684root 11241100x80000000000000001740787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549ed529d2bfe9c62022-02-14 08:43:56.684root 11241100x80000000000000001740788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebb32d959903faa2022-02-14 08:43:56.684root 11241100x80000000000000001740789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d965e2c4c95c2f612022-02-14 08:43:56.684root 11241100x80000000000000001740790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feee6a10063af2bd2022-02-14 08:43:56.684root 11241100x80000000000000001740791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1085a030ab1e7e82022-02-14 08:43:56.685root 11241100x80000000000000001740792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f3b715a1f486be2022-02-14 08:43:56.685root 11241100x80000000000000001740793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6f743e7f68a4d02022-02-14 08:43:56.686root 11241100x80000000000000001740794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:56.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecc4ed626df441c2022-02-14 08:43:56.686root 11241100x80000000000000001740795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5204d4f802ce1e052022-02-14 08:43:57.180root 11241100x80000000000000001740796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672a8aa7625998342022-02-14 08:43:57.180root 11241100x80000000000000001740797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e77a738d1e750b2022-02-14 08:43:57.181root 11241100x80000000000000001740798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49405921980ae3cf2022-02-14 08:43:57.181root 11241100x80000000000000001740799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8038254715d4db1f2022-02-14 08:43:57.181root 11241100x80000000000000001740800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62a68f2d5f9a1492022-02-14 08:43:57.181root 11241100x80000000000000001740801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f13b391e468223c2022-02-14 08:43:57.181root 11241100x80000000000000001740802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1655c329096dfc82022-02-14 08:43:57.181root 11241100x80000000000000001740803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a9e5ddbcccb3882022-02-14 08:43:57.181root 11241100x80000000000000001740804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3799719e54bb94072022-02-14 08:43:57.182root 11241100x80000000000000001740805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b5af6b21d86f9d2022-02-14 08:43:57.182root 11241100x80000000000000001740806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d597a540feff38fb2022-02-14 08:43:57.182root 11241100x80000000000000001740807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d295c4477addfb962022-02-14 08:43:57.182root 11241100x80000000000000001740808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b488f08f4fbef7402022-02-14 08:43:57.182root 11241100x80000000000000001740809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839cd841579348632022-02-14 08:43:57.183root 11241100x80000000000000001740810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dc149c9ee971222022-02-14 08:43:57.183root 11241100x80000000000000001740811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d269b875878e2572022-02-14 08:43:57.183root 11241100x80000000000000001740812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0c31f34636e8c32022-02-14 08:43:57.183root 11241100x80000000000000001740813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aff5b35a004faa32022-02-14 08:43:57.183root 11241100x80000000000000001740814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbdbed32ac9ff622022-02-14 08:43:57.184root 11241100x80000000000000001740815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd53d21a1b2b40862022-02-14 08:43:57.184root 11241100x80000000000000001740816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29d719c6ac347832022-02-14 08:43:57.184root 11241100x80000000000000001740817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6d88d50c4680de2022-02-14 08:43:57.185root 11241100x80000000000000001740818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba564808a9e3cd42022-02-14 08:43:57.186root 11241100x80000000000000001740819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc1a98bbbcd78b12022-02-14 08:43:57.186root 11241100x80000000000000001740820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130b99696301b0fe2022-02-14 08:43:57.186root 11241100x80000000000000001740821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c4de53cf9f77dd2022-02-14 08:43:57.186root 11241100x80000000000000001740822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c321c4f03207ddf2022-02-14 08:43:57.187root 11241100x80000000000000001740823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c588c251e37a8032022-02-14 08:43:57.187root 11241100x80000000000000001740824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cf4be5f294f62d2022-02-14 08:43:57.187root 11241100x80000000000000001740825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b1c4014ba0fb692022-02-14 08:43:57.187root 11241100x80000000000000001740826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6545050e9428c2b2022-02-14 08:43:57.187root 11241100x80000000000000001740827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d366be5705553732022-02-14 08:43:57.187root 11241100x80000000000000001740828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394faa6204e69d032022-02-14 08:43:57.188root 11241100x80000000000000001740829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ad52683f2a0cc02022-02-14 08:43:57.681root 11241100x80000000000000001740830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec480ba8cee3e3162022-02-14 08:43:57.681root 11241100x80000000000000001740831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7417b08b18bc58532022-02-14 08:43:57.681root 11241100x80000000000000001740832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61c550709f710432022-02-14 08:43:57.682root 11241100x80000000000000001740833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8484042b656a6d3f2022-02-14 08:43:57.682root 11241100x80000000000000001740834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbb62678fe5e62b2022-02-14 08:43:57.682root 11241100x80000000000000001740835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065c8ff89f71ecc52022-02-14 08:43:57.682root 11241100x80000000000000001740836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb655057b873a81c2022-02-14 08:43:57.682root 11241100x80000000000000001740837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef5e0da93d613e52022-02-14 08:43:57.682root 11241100x80000000000000001740838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99d3e037883ec5c2022-02-14 08:43:57.682root 11241100x80000000000000001740839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74774e2014cbcb6e2022-02-14 08:43:57.682root 11241100x80000000000000001740840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d6a3d1e1c315302022-02-14 08:43:57.682root 11241100x80000000000000001740841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee934a06659fe4e2022-02-14 08:43:57.683root 11241100x80000000000000001740842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7551760b5dae87e02022-02-14 08:43:57.683root 11241100x80000000000000001740843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669bd2ee33f8431e2022-02-14 08:43:57.683root 11241100x80000000000000001740844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85dd3b2086fa3af2022-02-14 08:43:57.683root 11241100x80000000000000001740845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae50b78d5f324a52022-02-14 08:43:57.683root 11241100x80000000000000001740846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff924caf4b8ef3fd2022-02-14 08:43:57.683root 11241100x80000000000000001740847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503eeb1bf60c0cb52022-02-14 08:43:57.683root 11241100x80000000000000001740848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8411023b331b01f22022-02-14 08:43:57.683root 11241100x80000000000000001740849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4beae4a6283b118d2022-02-14 08:43:57.683root 11241100x80000000000000001740850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048967c131e5e9262022-02-14 08:43:57.683root 11241100x80000000000000001740851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca72a6d84e55b322022-02-14 08:43:57.683root 11241100x80000000000000001740852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baeaf8293807438f2022-02-14 08:43:57.684root 11241100x80000000000000001740853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3f4c40f2574f7c2022-02-14 08:43:57.684root 11241100x80000000000000001740854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a66a1798e00bb352022-02-14 08:43:57.684root 11241100x80000000000000001740855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905d3c80a7dcf8ee2022-02-14 08:43:57.684root 11241100x80000000000000001740856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3f5bb3b7020b182022-02-14 08:43:57.684root 11241100x80000000000000001740857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f455d705e8bd74f2022-02-14 08:43:57.684root 11241100x80000000000000001740858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835d42e8c7febca22022-02-14 08:43:57.684root 11241100x80000000000000001740859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a04e373946a6f82022-02-14 08:43:57.684root 11241100x80000000000000001740860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4283aaea81b4e7da2022-02-14 08:43:57.684root 11241100x80000000000000001740861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab013be0c0d81ea2022-02-14 08:43:57.684root 11241100x80000000000000001740862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7eb3b8fcacb427c2022-02-14 08:43:57.684root 11241100x80000000000000001740863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2bae7b50628f822022-02-14 08:43:58.180root 11241100x80000000000000001740864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9a7d39d49c72c52022-02-14 08:43:58.180root 11241100x80000000000000001740865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d63d34536126732022-02-14 08:43:58.180root 11241100x80000000000000001740866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef28c63853e0dd82022-02-14 08:43:58.181root 11241100x80000000000000001740867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278a6cf067ecdf0d2022-02-14 08:43:58.181root 11241100x80000000000000001740868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7eb0fe1d5f7df302022-02-14 08:43:58.181root 11241100x80000000000000001740869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538037749e29ebed2022-02-14 08:43:58.181root 11241100x80000000000000001740870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4450eebd1cfc6c5c2022-02-14 08:43:58.181root 11241100x80000000000000001740871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9389fd2f2ff52d2022-02-14 08:43:58.181root 11241100x80000000000000001740872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec1e562ff9bf3c42022-02-14 08:43:58.182root 11241100x80000000000000001740873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c468b782567acb1f2022-02-14 08:43:58.182root 11241100x80000000000000001740874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754e800cc090a1162022-02-14 08:43:58.182root 11241100x80000000000000001740875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ec2dc4a8fc51ab2022-02-14 08:43:58.182root 11241100x80000000000000001740876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227640a483c4c6d92022-02-14 08:43:58.182root 11241100x80000000000000001740877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920a85d30082ff882022-02-14 08:43:58.182root 11241100x80000000000000001740878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb55d2aab86560782022-02-14 08:43:58.182root 11241100x80000000000000001740879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5079778459945a3c2022-02-14 08:43:58.183root 11241100x80000000000000001740880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4571002bae4b11da2022-02-14 08:43:58.183root 11241100x80000000000000001740881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31539cb9f53ea3b2022-02-14 08:43:58.183root 11241100x80000000000000001740882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11a4a751c3145912022-02-14 08:43:58.183root 11241100x80000000000000001740883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcd1dabe575f4d42022-02-14 08:43:58.183root 11241100x80000000000000001740884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d339e8b9e2c59b242022-02-14 08:43:58.183root 11241100x80000000000000001740885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1619a0ebe8700e2022-02-14 08:43:58.184root 11241100x80000000000000001740886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcaf0919987cd0c62022-02-14 08:43:58.184root 11241100x80000000000000001740887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bd7ff0e873e1292022-02-14 08:43:58.184root 11241100x80000000000000001740888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3909c6a6107fbc62022-02-14 08:43:58.184root 11241100x80000000000000001740889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104455d56fbb88502022-02-14 08:43:58.184root 11241100x80000000000000001740890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5dd19dc08cd8582022-02-14 08:43:58.184root 11241100x80000000000000001740891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d62da3b0f3203a92022-02-14 08:43:58.184root 11241100x80000000000000001740892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db077bb8b05944022022-02-14 08:43:58.184root 11241100x80000000000000001740893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907f737960ee0fda2022-02-14 08:43:58.184root 11241100x80000000000000001740894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3899f4f67cd249da2022-02-14 08:43:58.184root 11241100x80000000000000001740895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f096bc5f408f08052022-02-14 08:43:58.185root 11241100x80000000000000001740896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308256ef943426192022-02-14 08:43:58.185root 11241100x80000000000000001740897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1bd06a510f686f2022-02-14 08:43:58.679root 11241100x80000000000000001740898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15779afd9e8031492022-02-14 08:43:58.680root 11241100x80000000000000001740899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e35822738c93a62022-02-14 08:43:58.680root 11241100x80000000000000001740900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a9a56e9474d0302022-02-14 08:43:58.680root 11241100x80000000000000001740901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fc96523c5e95952022-02-14 08:43:58.680root 11241100x80000000000000001740902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9476f5b4450c872022-02-14 08:43:58.680root 11241100x80000000000000001740903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ba69edab5856df2022-02-14 08:43:58.680root 11241100x80000000000000001740904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cb54918786770b2022-02-14 08:43:58.680root 11241100x80000000000000001740905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84710ceaba739942022-02-14 08:43:58.680root 11241100x80000000000000001740906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552a63f7c95b68472022-02-14 08:43:58.681root 11241100x80000000000000001740907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f052eb4bb20457f2022-02-14 08:43:58.681root 11241100x80000000000000001740908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c038fe08a0aa9c902022-02-14 08:43:58.681root 11241100x80000000000000001740909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f2804e368814052022-02-14 08:43:58.681root 11241100x80000000000000001740910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844fb0d0c0788f782022-02-14 08:43:58.681root 11241100x80000000000000001740911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa3eca694659e8d2022-02-14 08:43:58.681root 11241100x80000000000000001740912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517fa600a3b2909a2022-02-14 08:43:58.681root 11241100x80000000000000001740913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a2f05cdccb2a282022-02-14 08:43:58.681root 11241100x80000000000000001740914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd686daaddf63432022-02-14 08:43:58.681root 11241100x80000000000000001740915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc64a3f0967d307e2022-02-14 08:43:58.682root 11241100x80000000000000001740916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5694555105912a2022-02-14 08:43:58.682root 11241100x80000000000000001740917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a07c33bae23aed2022-02-14 08:43:58.682root 11241100x80000000000000001740918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d081e8c141d9072022-02-14 08:43:58.682root 11241100x80000000000000001740919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b0ffb2301a8eac2022-02-14 08:43:58.682root 11241100x80000000000000001740920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2732e380668abc372022-02-14 08:43:58.683root 11241100x80000000000000001740921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3068d3b47dd16f1e2022-02-14 08:43:58.683root 11241100x80000000000000001740922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2c201aa0c1a6af2022-02-14 08:43:58.683root 11241100x80000000000000001740923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bd2df686c908852022-02-14 08:43:58.683root 11241100x80000000000000001740924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70210252a8969962022-02-14 08:43:58.684root 11241100x80000000000000001740925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d46dab17284a2a2022-02-14 08:43:58.684root 11241100x80000000000000001740926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1fe87c133fa25e2022-02-14 08:43:58.684root 11241100x80000000000000001740927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c58bf3848f88392022-02-14 08:43:58.684root 11241100x80000000000000001740928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8368036d541a0522022-02-14 08:43:58.684root 11241100x80000000000000001740929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7e590391bfd2682022-02-14 08:43:58.685root 11241100x80000000000000001740930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f7fe5cd48e0ac02022-02-14 08:43:58.685root 11241100x80000000000000001740931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54dbe38e8b7e6b302022-02-14 08:43:58.685root 11241100x80000000000000001740932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3a580f210306932022-02-14 08:43:58.685root 11241100x80000000000000001740933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264fbef6bc653eaa2022-02-14 08:43:58.685root 11241100x80000000000000001740934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ec12773dfcc8ce2022-02-14 08:43:58.686root 11241100x80000000000000001740935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d64830e49b206e2022-02-14 08:43:58.686root 11241100x80000000000000001740936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d9a1078d1c7a272022-02-14 08:43:58.686root 11241100x80000000000000001740937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3b5b1281e989392022-02-14 08:43:58.686root 11241100x80000000000000001740938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9207cc38ab0e0ce62022-02-14 08:43:58.686root 11241100x80000000000000001740939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:58.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0470037c6bd9c12022-02-14 08:43:58.687root 11241100x80000000000000001740940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167c515333dd47402022-02-14 08:43:59.180root 11241100x80000000000000001740941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d58e08d899fede2022-02-14 08:43:59.180root 11241100x80000000000000001740942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef172c7660961772022-02-14 08:43:59.181root 11241100x80000000000000001740943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527df4eeba8f55982022-02-14 08:43:59.181root 11241100x80000000000000001740944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62752fa9eb12af3b2022-02-14 08:43:59.181root 11241100x80000000000000001740945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18726ae086eaa0d22022-02-14 08:43:59.181root 11241100x80000000000000001740946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a2381aeb34f3992022-02-14 08:43:59.181root 11241100x80000000000000001740947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507b1d8399c22fc02022-02-14 08:43:59.182root 11241100x80000000000000001740948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bef635b24a21a62022-02-14 08:43:59.182root 11241100x80000000000000001740949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65525b696bd1cec82022-02-14 08:43:59.182root 11241100x80000000000000001740950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c222baefaa7befc42022-02-14 08:43:59.182root 11241100x80000000000000001740951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671b197fbb15cf432022-02-14 08:43:59.182root 11241100x80000000000000001740952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5143482e01640e502022-02-14 08:43:59.182root 11241100x80000000000000001740953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386e985a86f11b992022-02-14 08:43:59.182root 11241100x80000000000000001740954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7841618f49741fac2022-02-14 08:43:59.182root 11241100x80000000000000001740955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145d533758b1ecb82022-02-14 08:43:59.182root 11241100x80000000000000001740956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1152674d0fe532b52022-02-14 08:43:59.182root 11241100x80000000000000001740957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cdb773582010a02022-02-14 08:43:59.182root 11241100x80000000000000001740958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78cc3f3ffb626572022-02-14 08:43:59.182root 11241100x80000000000000001740959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9f5dfaafb486b32022-02-14 08:43:59.183root 11241100x80000000000000001740960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d16e0157eeaf29f2022-02-14 08:43:59.183root 11241100x80000000000000001740961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e1a9635bbc8d912022-02-14 08:43:59.183root 11241100x80000000000000001740962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2521d371c947892022-02-14 08:43:59.183root 11241100x80000000000000001740963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fe005c161237c52022-02-14 08:43:59.183root 11241100x80000000000000001740964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061809d42be132632022-02-14 08:43:59.183root 11241100x80000000000000001740965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaed5dd0df7349cf2022-02-14 08:43:59.183root 11241100x80000000000000001740966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c662b3d50a9fa2f32022-02-14 08:43:59.183root 11241100x80000000000000001740967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f85c819642fbcd2022-02-14 08:43:59.183root 11241100x80000000000000001740968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422d84ee9ea22d702022-02-14 08:43:59.183root 11241100x80000000000000001740969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2df9c41d009d3d2022-02-14 08:43:59.183root 11241100x80000000000000001740970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12a42a25e5a02982022-02-14 08:43:59.183root 11241100x80000000000000001740971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716fad5d8b840d292022-02-14 08:43:59.184root 11241100x80000000000000001740972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb017a872581f512022-02-14 08:43:59.184root 11241100x80000000000000001740973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bea2a9d9697684f2022-02-14 08:43:59.184root 11241100x80000000000000001740974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ace212419fb4402022-02-14 08:43:59.184root 11241100x80000000000000001740975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f08a944cb7cfc32022-02-14 08:43:59.184root 11241100x80000000000000001740976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab915ae9b333efd2022-02-14 08:43:59.184root 11241100x80000000000000001740977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f76f1ea1f2e1742022-02-14 08:43:59.184root 11241100x80000000000000001740978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dcd75cbb3e5cef2022-02-14 08:43:59.184root 11241100x80000000000000001740979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67dd4c8fcf9513b2022-02-14 08:43:59.680root 11241100x80000000000000001740980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317b197b3d3c153d2022-02-14 08:43:59.680root 11241100x80000000000000001740981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3cb4e2f6cbd9b12022-02-14 08:43:59.680root 11241100x80000000000000001740982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b01f19f4f537cd62022-02-14 08:43:59.680root 11241100x80000000000000001740983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f4f374bfc42aff2022-02-14 08:43:59.680root 11241100x80000000000000001740984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff102acdb1115e252022-02-14 08:43:59.680root 11241100x80000000000000001740985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8180bb5eb085152022-02-14 08:43:59.680root 11241100x80000000000000001740986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c4d14c3e7c55342022-02-14 08:43:59.681root 11241100x80000000000000001740987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b4dfedb93775b82022-02-14 08:43:59.681root 11241100x80000000000000001740988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5100f818b771c92022-02-14 08:43:59.681root 11241100x80000000000000001740989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996ee938983fccbd2022-02-14 08:43:59.681root 11241100x80000000000000001740990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a25cb49bdf1f1382022-02-14 08:43:59.681root 11241100x80000000000000001740991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ab13a512d7736f2022-02-14 08:43:59.681root 11241100x80000000000000001740992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2e50ed71fd87b02022-02-14 08:43:59.681root 11241100x80000000000000001740993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c0a704a23bf8b92022-02-14 08:43:59.682root 11241100x80000000000000001740994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c93a7a2106266d2022-02-14 08:43:59.682root 11241100x80000000000000001740995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bdbe415792aa1e2022-02-14 08:43:59.682root 11241100x80000000000000001740996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5817e8b9961c4ff42022-02-14 08:43:59.682root 11241100x80000000000000001740997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0ff7f523c46aa92022-02-14 08:43:59.682root 11241100x80000000000000001740998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f71473e52f70bf2022-02-14 08:43:59.682root 11241100x80000000000000001740999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6035b3e46021e4232022-02-14 08:43:59.682root 11241100x80000000000000001741000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c421c4835722285f2022-02-14 08:43:59.682root 11241100x80000000000000001741001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1e69c757c524ab2022-02-14 08:43:59.682root 11241100x80000000000000001741002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07499a91b83364a2022-02-14 08:43:59.682root 11241100x80000000000000001741003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f883b1a970cbac32022-02-14 08:43:59.682root 11241100x80000000000000001741004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1979d663a3bf9d2022-02-14 08:43:59.682root 11241100x80000000000000001741005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edaea7410d6f7072022-02-14 08:43:59.682root 11241100x80000000000000001741006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ebb5365e20e9252022-02-14 08:43:59.682root 11241100x80000000000000001741007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52313e00bde8d9a32022-02-14 08:43:59.682root 11241100x80000000000000001741008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6886fccd8e8813d12022-02-14 08:43:59.683root 11241100x80000000000000001741009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9e0c5ffd0049b62022-02-14 08:43:59.683root 11241100x80000000000000001741010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32c315bd52b41582022-02-14 08:43:59.683root 11241100x80000000000000001741011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f0d3c8a8c967952022-02-14 08:43:59.683root 11241100x80000000000000001741012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3e633913fe76842022-02-14 08:43:59.683root 11241100x80000000000000001741013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43f85e952e103752022-02-14 08:43:59.683root 11241100x80000000000000001741014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ba7cf320b1acbc2022-02-14 08:43:59.683root 11241100x80000000000000001741015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048bdd9bb877022c2022-02-14 08:43:59.683root 11241100x80000000000000001741016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791fdcda374388672022-02-14 08:43:59.683root 11241100x80000000000000001741017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e43ad650e307ba82022-02-14 08:43:59.683root 11241100x80000000000000001741018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23696bd7e5d51bd2022-02-14 08:43:59.683root 11241100x80000000000000001741019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de993ed5ba5fdc72022-02-14 08:43:59.683root 11241100x80000000000000001741020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a31ad8f0a9958a2022-02-14 08:43:59.683root 11241100x80000000000000001741021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f97e410f75dad3c2022-02-14 08:43:59.684root 11241100x80000000000000001741022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae070b1498d5dc32022-02-14 08:43:59.684root 11241100x80000000000000001741023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d955695a0caff792022-02-14 08:43:59.684root 11241100x80000000000000001741024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863647a9c76469772022-02-14 08:43:59.684root 11241100x80000000000000001741025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae7b95627aa13402022-02-14 08:43:59.684root 11241100x80000000000000001741026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:43:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d46af53a13f2b742022-02-14 08:43:59.684root 354300x80000000000000001741027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.146{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51476-false10.0.1.12-8000- 11241100x80000000000000001741028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0be759b638dee92022-02-14 08:44:00.147root 11241100x80000000000000001741029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f208975acb9da3d42022-02-14 08:44:00.147root 11241100x80000000000000001741030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce2e3c16d03dd692022-02-14 08:44:00.147root 11241100x80000000000000001741031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70939b553060c8e2022-02-14 08:44:00.147root 11241100x80000000000000001741032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8dbab68699ac3f02022-02-14 08:44:00.147root 11241100x80000000000000001741033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97e66abe96608ea2022-02-14 08:44:00.147root 11241100x80000000000000001741034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e04cbfe72128ab2022-02-14 08:44:00.147root 11241100x80000000000000001741035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9891d92afb9faef02022-02-14 08:44:00.147root 11241100x80000000000000001741036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.147{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4bb2771366a5292022-02-14 08:44:00.147root 11241100x80000000000000001741037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1902c6baee4e6c8c2022-02-14 08:44:00.148root 11241100x80000000000000001741038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c98dc5e28316d12022-02-14 08:44:00.148root 11241100x80000000000000001741039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092dcc4dfa8a58492022-02-14 08:44:00.148root 11241100x80000000000000001741040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9248f835684287a42022-02-14 08:44:00.148root 11241100x80000000000000001741041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec054ed7baf6ec82022-02-14 08:44:00.148root 11241100x80000000000000001741042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74bcbe7c7104c612022-02-14 08:44:00.148root 11241100x80000000000000001741043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cff53ed7f84004c2022-02-14 08:44:00.148root 11241100x80000000000000001741044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.148{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033c883ab33d3fa62022-02-14 08:44:00.148root 11241100x80000000000000001741045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.149{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff0061c56fab28c2022-02-14 08:44:00.149root 11241100x80000000000000001741046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.149{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b435fc090836afb22022-02-14 08:44:00.149root 11241100x80000000000000001741047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.149{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d18918260407852022-02-14 08:44:00.149root 11241100x80000000000000001741048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.149{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5686aa4fc54d95082022-02-14 08:44:00.149root 11241100x80000000000000001741049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.151{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1627e8ef8a8aeeef2022-02-14 08:44:00.151root 11241100x80000000000000001741050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.151{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f1c7ed79cbd9ca2022-02-14 08:44:00.151root 11241100x80000000000000001741051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.151{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c0fe4f53a3ff3d2022-02-14 08:44:00.151root 11241100x80000000000000001741052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.151{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f22e35ef7bd4bbc2022-02-14 08:44:00.151root 11241100x80000000000000001741053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.153{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f19146bcdcf05e2022-02-14 08:44:00.153root 11241100x80000000000000001741054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.153{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75404c35dc3d89112022-02-14 08:44:00.153root 11241100x80000000000000001741055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.153{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d49782771286072022-02-14 08:44:00.153root 11241100x80000000000000001741056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.153{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4482f66bd55a702e2022-02-14 08:44:00.153root 11241100x80000000000000001741057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.153{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1c244112494a4d2022-02-14 08:44:00.153root 11241100x80000000000000001741058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.154{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58f9ad50e80270d2022-02-14 08:44:00.154root 11241100x80000000000000001741059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.154{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1f5a07d66b8d592022-02-14 08:44:00.154root 11241100x80000000000000001741060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.154{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ee2eb89a0106242022-02-14 08:44:00.154root 11241100x80000000000000001741061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.154{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b462f8955e490482022-02-14 08:44:00.154root 11241100x80000000000000001741062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.154{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac46574e77a31f4f2022-02-14 08:44:00.154root 11241100x80000000000000001741063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.154{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a12e3d5500af252022-02-14 08:44:00.154root 11241100x80000000000000001741064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.155{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9824cb1fa0b777c72022-02-14 08:44:00.155root 11241100x80000000000000001741065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.155{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83daa0069fb498ec2022-02-14 08:44:00.155root 11241100x80000000000000001741066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.155{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccde77344356e6c2022-02-14 08:44:00.155root 11241100x80000000000000001741067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.155{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cb990ea469081a2022-02-14 08:44:00.155root 11241100x80000000000000001741068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.155{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ca97525eab44e52022-02-14 08:44:00.155root 11241100x80000000000000001741069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.155{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f959e1836eb751e2022-02-14 08:44:00.155root 11241100x80000000000000001741070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.156{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89413132d16ce442022-02-14 08:44:00.156root 11241100x80000000000000001741071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.156{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bc385136bb91352022-02-14 08:44:00.156root 11241100x80000000000000001741072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.157{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a68d50507bc3012022-02-14 08:44:00.157root 11241100x80000000000000001741073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.157{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a444d3a9b6b5402022-02-14 08:44:00.157root 11241100x80000000000000001741074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.157{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c33b6e77c2cd2442022-02-14 08:44:00.157root 11241100x80000000000000001741075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.157{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b02bbe4fd222022022-02-14 08:44:00.157root 11241100x80000000000000001741076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.157{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5e92f231e34c332022-02-14 08:44:00.157root 11241100x80000000000000001741077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.157{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574135a7395b87db2022-02-14 08:44:00.157root 11241100x80000000000000001741078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.158{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc3d936925a0b9c2022-02-14 08:44:00.158root 11241100x80000000000000001741079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.158{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8692dec523d270c62022-02-14 08:44:00.158root 11241100x80000000000000001741080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.158{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84855ebd3f8408942022-02-14 08:44:00.158root 11241100x80000000000000001741081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.158{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105a0deb4bfb4dbc2022-02-14 08:44:00.158root 11241100x80000000000000001741082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.158{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5922063c1b4a882022-02-14 08:44:00.158root 11241100x80000000000000001741083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a1cb2e4efea3072022-02-14 08:44:00.430root 11241100x80000000000000001741084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbfd3e388e70cfd2022-02-14 08:44:00.430root 11241100x80000000000000001741085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfcb5c277712b6c2022-02-14 08:44:00.431root 11241100x80000000000000001741086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cfd2800e9db8882022-02-14 08:44:00.431root 11241100x80000000000000001741087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c973acda1d3ec2e2022-02-14 08:44:00.431root 11241100x80000000000000001741088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412716efc30d5bea2022-02-14 08:44:00.431root 11241100x80000000000000001741089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b18aadf00d2d7f2022-02-14 08:44:00.431root 11241100x80000000000000001741090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fc010ff41d31eb2022-02-14 08:44:00.431root 11241100x80000000000000001741091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b413abdb73bf6442022-02-14 08:44:00.431root 11241100x80000000000000001741092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe50bad4c1fa3802022-02-14 08:44:00.431root 11241100x80000000000000001741093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85619db43b4fd5d32022-02-14 08:44:00.431root 11241100x80000000000000001741094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb38dceeb7c68e122022-02-14 08:44:00.431root 11241100x80000000000000001741095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6dd9a3ace5fc272022-02-14 08:44:00.432root 11241100x80000000000000001741096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff33843010272db22022-02-14 08:44:00.432root 11241100x80000000000000001741097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14b0f9abe827ee62022-02-14 08:44:00.432root 11241100x80000000000000001741098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600386a4473ad5212022-02-14 08:44:00.433root 11241100x80000000000000001741099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422bd4fb3a1e4f582022-02-14 08:44:00.433root 11241100x80000000000000001741100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a5bc8b672444c32022-02-14 08:44:00.433root 11241100x80000000000000001741101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea357b51647381e2022-02-14 08:44:00.433root 11241100x80000000000000001741102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010cc809cf7a53972022-02-14 08:44:00.433root 11241100x80000000000000001741103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a248816233587b622022-02-14 08:44:00.433root 11241100x80000000000000001741104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964bca80932e1f162022-02-14 08:44:00.433root 11241100x80000000000000001741105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d58ef55081cfc72022-02-14 08:44:00.433root 11241100x80000000000000001741106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14b3c83aae1d5162022-02-14 08:44:00.433root 11241100x80000000000000001741107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3301a92a057599b2022-02-14 08:44:00.434root 11241100x80000000000000001741108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ceb869cf3fbd642022-02-14 08:44:00.434root 11241100x80000000000000001741109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6996e1e1cd738a2022-02-14 08:44:00.434root 11241100x80000000000000001741110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb4d66860c6a60c2022-02-14 08:44:00.435root 11241100x80000000000000001741111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f59d52819ca5be2022-02-14 08:44:00.441root 11241100x80000000000000001741112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ab4f5864b565202022-02-14 08:44:00.441root 11241100x80000000000000001741113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b23c9eaeb7d20b32022-02-14 08:44:00.442root 11241100x80000000000000001741114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30468a33a51f58342022-02-14 08:44:00.442root 11241100x80000000000000001741115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3cb9768dc42f612022-02-14 08:44:00.442root 11241100x80000000000000001741116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82112dca0a13bfd72022-02-14 08:44:00.442root 11241100x80000000000000001741117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4815c1a59e6a9092022-02-14 08:44:00.442root 11241100x80000000000000001741118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3e1c5dbe36b9ba2022-02-14 08:44:00.442root 11241100x80000000000000001741119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e63e067d6a4084c2022-02-14 08:44:00.442root 11241100x80000000000000001741120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5ed868e94e28dc2022-02-14 08:44:00.442root 11241100x80000000000000001741121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5813ceeaa95d3fb12022-02-14 08:44:00.442root 11241100x80000000000000001741122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6351799656f0082022-02-14 08:44:00.442root 11241100x80000000000000001741123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66894d611121d492022-02-14 08:44:00.443root 11241100x80000000000000001741124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85b966b1113707a2022-02-14 08:44:00.443root 11241100x80000000000000001741125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96519e97dcac9ae2022-02-14 08:44:00.443root 11241100x80000000000000001741126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7771aa9026b4fa3c2022-02-14 08:44:00.443root 11241100x80000000000000001741127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08130ec48bd6cc832022-02-14 08:44:00.443root 11241100x80000000000000001741128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee326ea6d5d8e5292022-02-14 08:44:00.443root 11241100x80000000000000001741129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83da9b2b713f67802022-02-14 08:44:00.443root 11241100x80000000000000001741130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c9ca908f4fd6812022-02-14 08:44:00.443root 11241100x80000000000000001741131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6108faef4e90a4052022-02-14 08:44:00.443root 11241100x80000000000000001741132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8b751753ef46012022-02-14 08:44:00.443root 11241100x80000000000000001741133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07052c82d1964862022-02-14 08:44:00.443root 11241100x80000000000000001741134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7865414c406c092022-02-14 08:44:00.443root 11241100x80000000000000001741135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.444{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6ba61da261cec42022-02-14 08:44:00.444root 11241100x80000000000000001741136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef6ebdd10a0e0d92022-02-14 08:44:00.930root 11241100x80000000000000001741137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4c982e2b1372b82022-02-14 08:44:00.930root 11241100x80000000000000001741138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6d4470cf5fe2402022-02-14 08:44:00.930root 11241100x80000000000000001741139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3d01b0babe1ed92022-02-14 08:44:00.930root 11241100x80000000000000001741140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642c1a36afda8a6f2022-02-14 08:44:00.930root 11241100x80000000000000001741141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10be1bc012d6a3e2022-02-14 08:44:00.930root 11241100x80000000000000001741142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350fdef41aeb3c952022-02-14 08:44:00.931root 11241100x80000000000000001741143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6b0376a87973a12022-02-14 08:44:00.931root 11241100x80000000000000001741144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52559f63f2ad287e2022-02-14 08:44:00.931root 11241100x80000000000000001741145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2a1492b8a7c0d02022-02-14 08:44:00.931root 11241100x80000000000000001741146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c288a96ac751ea12022-02-14 08:44:00.931root 11241100x80000000000000001741147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c777f463ba974b32022-02-14 08:44:00.931root 11241100x80000000000000001741148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ace2db5682ad1f2022-02-14 08:44:00.932root 11241100x80000000000000001741149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fcb934acfd87612022-02-14 08:44:00.932root 11241100x80000000000000001741150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9c5add4b88b60f2022-02-14 08:44:00.932root 11241100x80000000000000001741151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f96f45d883d1132022-02-14 08:44:00.932root 11241100x80000000000000001741152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee55471d1aac0c242022-02-14 08:44:00.933root 11241100x80000000000000001741153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffdd7db288930822022-02-14 08:44:00.933root 11241100x80000000000000001741154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3933e708ce4de1352022-02-14 08:44:00.933root 11241100x80000000000000001741155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75656aac51b90ec2022-02-14 08:44:00.933root 11241100x80000000000000001741156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515b3937d7beae192022-02-14 08:44:00.936root 11241100x80000000000000001741157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb57884aeb1cc742022-02-14 08:44:00.936root 11241100x80000000000000001741158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e5e16227acce052022-02-14 08:44:00.936root 11241100x80000000000000001741159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f921eaf0103049dd2022-02-14 08:44:00.936root 11241100x80000000000000001741160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f5eb66717e1f4a2022-02-14 08:44:00.936root 11241100x80000000000000001741161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc656bcc73c9f372022-02-14 08:44:00.936root 11241100x80000000000000001741162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f17e29e61857d5c2022-02-14 08:44:00.936root 11241100x80000000000000001741163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a885d56b90c34022022-02-14 08:44:00.937root 11241100x80000000000000001741164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82d1d8e81b692152022-02-14 08:44:00.937root 11241100x80000000000000001741165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bfda157d882d332022-02-14 08:44:00.937root 11241100x80000000000000001741166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bc111ff3de978c2022-02-14 08:44:00.937root 11241100x80000000000000001741167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d7da2b56fbe28c2022-02-14 08:44:00.937root 11241100x80000000000000001741168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192792271eadabdb2022-02-14 08:44:00.937root 11241100x80000000000000001741169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a55d06242af6ce72022-02-14 08:44:00.938root 11241100x80000000000000001741170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad86ee9c515b56342022-02-14 08:44:00.938root 11241100x80000000000000001741171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:00.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c83d2ea6f229b472022-02-14 08:44:00.938root 11241100x80000000000000001741172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ec119e8e67323f2022-02-14 08:44:01.430root 11241100x80000000000000001741173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0bc97487a703312022-02-14 08:44:01.431root 11241100x80000000000000001741174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f71c409a44b5bee2022-02-14 08:44:01.431root 11241100x80000000000000001741175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b6e31b21757bcd2022-02-14 08:44:01.431root 11241100x80000000000000001741176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afd450780ad5cb32022-02-14 08:44:01.431root 11241100x80000000000000001741177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b438ef1807ead0212022-02-14 08:44:01.431root 11241100x80000000000000001741178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02f0eedb1f328fd2022-02-14 08:44:01.431root 11241100x80000000000000001741179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807aff7ec788340b2022-02-14 08:44:01.431root 11241100x80000000000000001741180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5bf027007634ba2022-02-14 08:44:01.431root 11241100x80000000000000001741181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181176d48fac40782022-02-14 08:44:01.431root 11241100x80000000000000001741182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a21911930b867b02022-02-14 08:44:01.431root 11241100x80000000000000001741183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45620d99dc03da4d2022-02-14 08:44:01.432root 11241100x80000000000000001741184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a131f9db462bbb792022-02-14 08:44:01.432root 11241100x80000000000000001741185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e449e762945e506b2022-02-14 08:44:01.432root 11241100x80000000000000001741186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c8236833ca97ab2022-02-14 08:44:01.432root 11241100x80000000000000001741187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c16cffec8dfc3072022-02-14 08:44:01.432root 11241100x80000000000000001741188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b99982c33a571542022-02-14 08:44:01.432root 11241100x80000000000000001741189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952ce62125cef5862022-02-14 08:44:01.432root 11241100x80000000000000001741190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f9d37a8cbac07e2022-02-14 08:44:01.432root 11241100x80000000000000001741191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412fa1e8ba9c86ac2022-02-14 08:44:01.432root 11241100x80000000000000001741192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515722f8d308a5202022-02-14 08:44:01.433root 11241100x80000000000000001741193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1060f5673237ce2022-02-14 08:44:01.433root 11241100x80000000000000001741194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40cff45216070cc2022-02-14 08:44:01.433root 11241100x80000000000000001741195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76785104a597f5d12022-02-14 08:44:01.433root 11241100x80000000000000001741196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f0ff0a340517812022-02-14 08:44:01.433root 11241100x80000000000000001741197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c426c445d9c2fd2022-02-14 08:44:01.433root 11241100x80000000000000001741198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1f9b217cd854c92022-02-14 08:44:01.433root 11241100x80000000000000001741199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac512ae66f17626f2022-02-14 08:44:01.433root 11241100x80000000000000001741200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f77ee8af13d08872022-02-14 08:44:01.433root 11241100x80000000000000001741201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be755a6877aabf4c2022-02-14 08:44:01.433root 11241100x80000000000000001741202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d28456c7e309192022-02-14 08:44:01.433root 11241100x80000000000000001741203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89055f860deedf482022-02-14 08:44:01.433root 11241100x80000000000000001741204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a264d1e9146a6ce92022-02-14 08:44:01.434root 11241100x80000000000000001741205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ee11a7dc99129a2022-02-14 08:44:01.434root 11241100x80000000000000001741206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329049c8012570352022-02-14 08:44:01.434root 11241100x80000000000000001741207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d0ffd8c5e719082022-02-14 08:44:01.434root 11241100x80000000000000001741208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71c62b50d99de992022-02-14 08:44:01.434root 11241100x80000000000000001741209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992f39af72c8b1bf2022-02-14 08:44:01.930root 11241100x80000000000000001741210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85887f12e6ae973e2022-02-14 08:44:01.930root 11241100x80000000000000001741211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc6f578734838032022-02-14 08:44:01.930root 11241100x80000000000000001741212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec6a09988fef03e2022-02-14 08:44:01.930root 11241100x80000000000000001741213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2911b70663b8192022-02-14 08:44:01.930root 11241100x80000000000000001741214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1332f25f06da50892022-02-14 08:44:01.930root 11241100x80000000000000001741215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5d43b199a61d472022-02-14 08:44:01.930root 11241100x80000000000000001741216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2cf6cd855ba4ad2022-02-14 08:44:01.931root 11241100x80000000000000001741217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b06e1aabbc7dd812022-02-14 08:44:01.931root 11241100x80000000000000001741218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad03e1ccef70cb372022-02-14 08:44:01.931root 11241100x80000000000000001741219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144523fc2edec4a22022-02-14 08:44:01.931root 11241100x80000000000000001741220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0567204a291e56d32022-02-14 08:44:01.931root 11241100x80000000000000001741221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dea2a0e896fa64d2022-02-14 08:44:01.931root 11241100x80000000000000001741222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb643aa50463bfb32022-02-14 08:44:01.931root 11241100x80000000000000001741223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d67add9f840ce982022-02-14 08:44:01.931root 11241100x80000000000000001741224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e277636107320bb82022-02-14 08:44:01.931root 11241100x80000000000000001741225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd62eddc4c5900e32022-02-14 08:44:01.931root 11241100x80000000000000001741226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592859c1433145472022-02-14 08:44:01.932root 11241100x80000000000000001741227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b6cf4e631dd6542022-02-14 08:44:01.932root 11241100x80000000000000001741228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23775083a8024edc2022-02-14 08:44:01.932root 11241100x80000000000000001741229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38418a548bfebe2a2022-02-14 08:44:01.932root 11241100x80000000000000001741230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fb69ff69d6984b2022-02-14 08:44:01.932root 11241100x80000000000000001741231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995b04d367c1bcd92022-02-14 08:44:01.932root 11241100x80000000000000001741232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db6bd575526ff322022-02-14 08:44:01.932root 11241100x80000000000000001741233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e7fe8fb372461a2022-02-14 08:44:01.932root 11241100x80000000000000001741234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804a5d721c3996302022-02-14 08:44:01.932root 11241100x80000000000000001741235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3952dae698d3002022-02-14 08:44:01.932root 11241100x80000000000000001741236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49af2e049a5024f52022-02-14 08:44:01.933root 11241100x80000000000000001741237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e119c2c0138318bf2022-02-14 08:44:01.933root 11241100x80000000000000001741238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d539fc11decc5812022-02-14 08:44:01.933root 11241100x80000000000000001741239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b5047f2f6723dc2022-02-14 08:44:01.933root 11241100x80000000000000001741240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84047562dec3fde2022-02-14 08:44:01.933root 11241100x80000000000000001741241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ead4505a75c67662022-02-14 08:44:01.933root 11241100x80000000000000001741242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04016fc4834b7fb2022-02-14 08:44:01.933root 11241100x80000000000000001741243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f53c651199885b02022-02-14 08:44:01.933root 11241100x80000000000000001741244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa5a93c5f65178f2022-02-14 08:44:01.933root 11241100x80000000000000001741245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:01.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46f827a0b9932d12022-02-14 08:44:01.936root 11241100x80000000000000001741246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd2d98a428d6d9c2022-02-14 08:44:02.430root 11241100x80000000000000001741247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c24bf87c3096b72022-02-14 08:44:02.430root 11241100x80000000000000001741248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0da8469801eb0f62022-02-14 08:44:02.430root 11241100x80000000000000001741249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12325b706c8ce89c2022-02-14 08:44:02.431root 11241100x80000000000000001741250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828d429a34d72ad52022-02-14 08:44:02.431root 11241100x80000000000000001741251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e073a466fcdcee72022-02-14 08:44:02.431root 11241100x80000000000000001741252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846a7f618a8b1f0a2022-02-14 08:44:02.431root 11241100x80000000000000001741253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1151052c93e7172022-02-14 08:44:02.431root 11241100x80000000000000001741254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e6b47fd662cf9f2022-02-14 08:44:02.431root 11241100x80000000000000001741255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2082135c581d0dc52022-02-14 08:44:02.431root 11241100x80000000000000001741256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797b39182f638b692022-02-14 08:44:02.431root 11241100x80000000000000001741257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04e7d2599190bfc2022-02-14 08:44:02.431root 11241100x80000000000000001741258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef08aae8d2d6ee72022-02-14 08:44:02.431root 11241100x80000000000000001741259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7edc57d46113432022-02-14 08:44:02.432root 11241100x80000000000000001741260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4196e3544d41362022-02-14 08:44:02.432root 11241100x80000000000000001741261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d658f80b8142c1842022-02-14 08:44:02.432root 11241100x80000000000000001741262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c10b0c1e6793ae2022-02-14 08:44:02.432root 11241100x80000000000000001741263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd029e90fd884fd2022-02-14 08:44:02.432root 11241100x80000000000000001741264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ac0c58f21b1ec42022-02-14 08:44:02.433root 11241100x80000000000000001741265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd2fc5822f4fb112022-02-14 08:44:02.433root 11241100x80000000000000001741266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3a60e881f3913a2022-02-14 08:44:02.433root 11241100x80000000000000001741267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17273134d6b16172022-02-14 08:44:02.433root 11241100x80000000000000001741268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917bba2a19bbdd432022-02-14 08:44:02.434root 11241100x80000000000000001741269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d269e45d05b6137b2022-02-14 08:44:02.434root 11241100x80000000000000001741270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcae9e9b2a1faf932022-02-14 08:44:02.434root 11241100x80000000000000001741271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f3aedd486e7a6c2022-02-14 08:44:02.434root 11241100x80000000000000001741272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f599839af665692022-02-14 08:44:02.434root 11241100x80000000000000001741273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd905f6015697cfe2022-02-14 08:44:02.435root 11241100x80000000000000001741274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad23f272df6fbc12022-02-14 08:44:02.435root 11241100x80000000000000001741275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8180f03e5cf25cbc2022-02-14 08:44:02.435root 11241100x80000000000000001741276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445a7cecc92418502022-02-14 08:44:02.435root 11241100x80000000000000001741277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9273ec0ec8298262022-02-14 08:44:02.436root 11241100x80000000000000001741278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a488b2d97f50cc2022-02-14 08:44:02.436root 11241100x80000000000000001741279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85507ad4ce89a3f92022-02-14 08:44:02.436root 11241100x80000000000000001741280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06619f6445d5f98f2022-02-14 08:44:02.436root 11241100x80000000000000001741281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdecf8e4d4ea236e2022-02-14 08:44:02.436root 11241100x80000000000000001741282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75800834b052ba492022-02-14 08:44:02.930root 11241100x80000000000000001741283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b0a143dc8aa0902022-02-14 08:44:02.930root 11241100x80000000000000001741284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df3197cdde3e52a2022-02-14 08:44:02.930root 11241100x80000000000000001741285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f905af2dac0aad42022-02-14 08:44:02.931root 11241100x80000000000000001741286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6230923f3145b4b2022-02-14 08:44:02.931root 11241100x80000000000000001741287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da75352e37178952022-02-14 08:44:02.931root 11241100x80000000000000001741288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8131f427d33b262022-02-14 08:44:02.931root 11241100x80000000000000001741289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f56cb6ad7637562022-02-14 08:44:02.931root 11241100x80000000000000001741290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c4b2f703966e7f2022-02-14 08:44:02.932root 11241100x80000000000000001741291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151b87946e8de2262022-02-14 08:44:02.932root 11241100x80000000000000001741292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59671f37011c9002022-02-14 08:44:02.932root 11241100x80000000000000001741293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f6ee80bf28b0fb2022-02-14 08:44:02.932root 11241100x80000000000000001741294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3560586386b8bca32022-02-14 08:44:02.932root 11241100x80000000000000001741295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426e5db9407958b82022-02-14 08:44:02.933root 11241100x80000000000000001741296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577af07028e3d7d22022-02-14 08:44:02.933root 11241100x80000000000000001741297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf7351ec4a0d5042022-02-14 08:44:02.933root 11241100x80000000000000001741298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2364f2849ae7ae2022-02-14 08:44:02.934root 11241100x80000000000000001741299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fe049eb45006d82022-02-14 08:44:02.934root 11241100x80000000000000001741300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8307de489eb4464d2022-02-14 08:44:02.934root 11241100x80000000000000001741301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271b0e7dca86741b2022-02-14 08:44:02.934root 11241100x80000000000000001741302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bd218038f5a2072022-02-14 08:44:02.934root 11241100x80000000000000001741303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d75d48081df48142022-02-14 08:44:02.934root 11241100x80000000000000001741304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1302efe5a7165b22022-02-14 08:44:02.934root 11241100x80000000000000001741305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba1af140c56765f2022-02-14 08:44:02.934root 11241100x80000000000000001741306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab294153bea840882022-02-14 08:44:02.934root 11241100x80000000000000001741307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5103316bf454b22022-02-14 08:44:02.934root 11241100x80000000000000001741308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cb959e0f2587a82022-02-14 08:44:02.934root 11241100x80000000000000001741309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9459744b2b27a512022-02-14 08:44:02.934root 11241100x80000000000000001741310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9824670db3318922022-02-14 08:44:02.934root 11241100x80000000000000001741311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4106d3e1bba4deb72022-02-14 08:44:02.934root 11241100x80000000000000001741312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c10812fd442c1302022-02-14 08:44:02.934root 11241100x80000000000000001741313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6e10e8ec5346ce2022-02-14 08:44:02.934root 11241100x80000000000000001741314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59ad7f704f996612022-02-14 08:44:02.935root 11241100x80000000000000001741315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5023a6aeb65d6af42022-02-14 08:44:02.935root 11241100x80000000000000001741316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf461c06ce67d8a2022-02-14 08:44:02.935root 11241100x80000000000000001741317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91a6f26510d1eaa2022-02-14 08:44:02.935root 11241100x80000000000000001741318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771f5835b302ec3a2022-02-14 08:44:02.935root 11241100x80000000000000001741319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d1342bf94c8ffe2022-02-14 08:44:02.935root 11241100x80000000000000001741320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:02.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8d9d11e4372b762022-02-14 08:44:02.935root 11241100x80000000000000001741321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c5f3fc10ee29c12022-02-14 08:44:03.430root 11241100x80000000000000001741322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fc25bf1a31b34c2022-02-14 08:44:03.431root 11241100x80000000000000001741323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2407a74d0365d8622022-02-14 08:44:03.431root 11241100x80000000000000001741324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160d3cde9e5f8cb12022-02-14 08:44:03.431root 11241100x80000000000000001741325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8759d20efd3ea5432022-02-14 08:44:03.431root 11241100x80000000000000001741326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b462accc88c7f8c72022-02-14 08:44:03.432root 11241100x80000000000000001741327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c1a7fda530aff02022-02-14 08:44:03.432root 11241100x80000000000000001741328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beadfa4a8706458e2022-02-14 08:44:03.432root 11241100x80000000000000001741329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36c7ee3a64a85f22022-02-14 08:44:03.432root 11241100x80000000000000001741330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df14b4b55f2b4d32022-02-14 08:44:03.432root 11241100x80000000000000001741331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5267053585da25f2022-02-14 08:44:03.432root 11241100x80000000000000001741332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ecbf98b15118e82022-02-14 08:44:03.433root 11241100x80000000000000001741333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ccb28de62f720d2022-02-14 08:44:03.433root 11241100x80000000000000001741334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6f49072e1622102022-02-14 08:44:03.433root 11241100x80000000000000001741335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95b049dd895ee052022-02-14 08:44:03.433root 11241100x80000000000000001741336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc35d5b70978c0e2022-02-14 08:44:03.434root 11241100x80000000000000001741337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c8ca3b01bab1f82022-02-14 08:44:03.434root 11241100x80000000000000001741338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2d54e202f0a2692022-02-14 08:44:03.435root 11241100x80000000000000001741339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e260bd62c300361a2022-02-14 08:44:03.435root 11241100x80000000000000001741340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b991284ac16a7c7e2022-02-14 08:44:03.435root 11241100x80000000000000001741341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b3b2c9975864d52022-02-14 08:44:03.435root 11241100x80000000000000001741342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa36f6c301693532022-02-14 08:44:03.435root 11241100x80000000000000001741343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b475ba49a1b4592022-02-14 08:44:03.435root 11241100x80000000000000001741344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81443f815a0f8e572022-02-14 08:44:03.435root 11241100x80000000000000001741345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28d466ca83801bd2022-02-14 08:44:03.436root 11241100x80000000000000001741346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a523d1c91f06482022-02-14 08:44:03.436root 11241100x80000000000000001741347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a995eeceafc7672022-02-14 08:44:03.436root 11241100x80000000000000001741348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bbc4d990fecd7c2022-02-14 08:44:03.436root 11241100x80000000000000001741349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68a5a1923aefbfc2022-02-14 08:44:03.436root 11241100x80000000000000001741350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2c1de5ecd7a5b72022-02-14 08:44:03.436root 11241100x80000000000000001741351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d458f3800c6ecf782022-02-14 08:44:03.436root 11241100x80000000000000001741352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33123f78b94afa642022-02-14 08:44:03.437root 11241100x80000000000000001741353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a1c45986e6d8af2022-02-14 08:44:03.437root 11241100x80000000000000001741354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4664a11a7f445042022-02-14 08:44:03.437root 11241100x80000000000000001741355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50cd576c0566c952022-02-14 08:44:03.437root 11241100x80000000000000001741356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.446{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdec2ff7e614b472022-02-14 08:44:03.446root 11241100x80000000000000001741357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.446{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c643bf68a7d16e52022-02-14 08:44:03.446root 11241100x80000000000000001741358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67336225783f2db12022-02-14 08:44:03.930root 11241100x80000000000000001741359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e8f46dc3305c2f2022-02-14 08:44:03.930root 11241100x80000000000000001741360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd2c34edcad58a12022-02-14 08:44:03.930root 11241100x80000000000000001741361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa11427e02b44d6c2022-02-14 08:44:03.930root 11241100x80000000000000001741362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fc269568de70542022-02-14 08:44:03.930root 11241100x80000000000000001741363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572bd925197d06df2022-02-14 08:44:03.931root 11241100x80000000000000001741364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e743798774fd0832022-02-14 08:44:03.931root 11241100x80000000000000001741365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975790551195b06b2022-02-14 08:44:03.931root 11241100x80000000000000001741366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716c8d081f038cec2022-02-14 08:44:03.931root 11241100x80000000000000001741367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3478242c4219217a2022-02-14 08:44:03.931root 11241100x80000000000000001741368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d915288d0d037842022-02-14 08:44:03.931root 11241100x80000000000000001741369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bfaa314e1445512022-02-14 08:44:03.931root 11241100x80000000000000001741370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c8345eb95e4fb92022-02-14 08:44:03.931root 11241100x80000000000000001741371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c0672806cce91c2022-02-14 08:44:03.931root 11241100x80000000000000001741372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c649e62040cddfa42022-02-14 08:44:03.932root 11241100x80000000000000001741373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642321888eff6b4e2022-02-14 08:44:03.932root 11241100x80000000000000001741374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9709da707ffaf62022-02-14 08:44:03.932root 11241100x80000000000000001741375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdc537607047f0c2022-02-14 08:44:03.932root 11241100x80000000000000001741376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f2aeae6740e5412022-02-14 08:44:03.932root 11241100x80000000000000001741377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2864e583e60d819e2022-02-14 08:44:03.932root 11241100x80000000000000001741378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9feb125b978095532022-02-14 08:44:03.932root 11241100x80000000000000001741379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3456d16bc6b54e2022-02-14 08:44:03.932root 11241100x80000000000000001741380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3405be66c7e3ddbb2022-02-14 08:44:03.934root 11241100x80000000000000001741381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd640acb575cf6d2022-02-14 08:44:03.934root 11241100x80000000000000001741382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dab968da18c1eef2022-02-14 08:44:03.934root 11241100x80000000000000001741383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6c10e48506a3f02022-02-14 08:44:03.936root 11241100x80000000000000001741384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66ef5da40d756382022-02-14 08:44:03.936root 11241100x80000000000000001741385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afe57479f9cc9ec2022-02-14 08:44:03.936root 11241100x80000000000000001741386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83e1946c5a890592022-02-14 08:44:03.936root 11241100x80000000000000001741387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5a85f45ab8790c2022-02-14 08:44:03.936root 11241100x80000000000000001741388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228bcf1c37a944af2022-02-14 08:44:03.936root 11241100x80000000000000001741389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0716052654c024f72022-02-14 08:44:03.936root 11241100x80000000000000001741390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f70d891fe13bce2022-02-14 08:44:03.936root 11241100x80000000000000001741391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d343d3ed7dd559892022-02-14 08:44:03.936root 11241100x80000000000000001741392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:03.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764572713ee984a62022-02-14 08:44:03.936root 11241100x80000000000000001741393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0e76a2584c53202022-02-14 08:44:04.431root 11241100x80000000000000001741394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc88a060abfc4362022-02-14 08:44:04.431root 11241100x80000000000000001741395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80994d01483b9c3a2022-02-14 08:44:04.432root 11241100x80000000000000001741396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f43fc021cee25f2022-02-14 08:44:04.432root 11241100x80000000000000001741397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162764675bc30a8d2022-02-14 08:44:04.432root 11241100x80000000000000001741398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f3261df5a32da72022-02-14 08:44:04.432root 11241100x80000000000000001741399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5230c2ac6461c5742022-02-14 08:44:04.432root 11241100x80000000000000001741400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d017b791a5dcca742022-02-14 08:44:04.432root 11241100x80000000000000001741401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba53b8193a83bf442022-02-14 08:44:04.432root 11241100x80000000000000001741402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a65c048964a42b2022-02-14 08:44:04.432root 11241100x80000000000000001741403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1873f6ecc1526dc2022-02-14 08:44:04.432root 11241100x80000000000000001741404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122063541be532f02022-02-14 08:44:04.432root 11241100x80000000000000001741405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0393bf5e0b94c0882022-02-14 08:44:04.432root 11241100x80000000000000001741406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892eee2356a56b032022-02-14 08:44:04.432root 11241100x80000000000000001741407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f521d47f5188712022-02-14 08:44:04.433root 11241100x80000000000000001741408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e64b86d9196ff02022-02-14 08:44:04.433root 11241100x80000000000000001741409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7dc3eccf9ca29212022-02-14 08:44:04.433root 11241100x80000000000000001741410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69961f2fc9745862022-02-14 08:44:04.433root 11241100x80000000000000001741411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a7f51205026bce2022-02-14 08:44:04.433root 11241100x80000000000000001741412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c6fa73b0b36b382022-02-14 08:44:04.433root 11241100x80000000000000001741413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1ca5d83a33073e2022-02-14 08:44:04.433root 11241100x80000000000000001741414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8be39371544b352022-02-14 08:44:04.433root 11241100x80000000000000001741415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e9a7961cefd9332022-02-14 08:44:04.434root 11241100x80000000000000001741416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f6b3c885dd1c512022-02-14 08:44:04.434root 11241100x80000000000000001741417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1fb1d88d9e516e2022-02-14 08:44:04.434root 11241100x80000000000000001741418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1b40ee6a6a6d172022-02-14 08:44:04.434root 11241100x80000000000000001741419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edf7d8a4a1093472022-02-14 08:44:04.434root 11241100x80000000000000001741420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a6f4cf40eaffd52022-02-14 08:44:04.434root 11241100x80000000000000001741421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8a3a3b0515e4df2022-02-14 08:44:04.434root 11241100x80000000000000001741422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0064ddc532fb72a2022-02-14 08:44:04.434root 11241100x80000000000000001741423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d69b9c9772f2132022-02-14 08:44:04.434root 11241100x80000000000000001741424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3338881791d62d2022-02-14 08:44:04.434root 11241100x80000000000000001741425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dad26494f9f687a2022-02-14 08:44:04.434root 11241100x80000000000000001741426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b805c9412cf928d72022-02-14 08:44:04.434root 11241100x80000000000000001741427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e68676f632f2db2022-02-14 08:44:04.434root 11241100x80000000000000001741428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffc3366ebebb22a2022-02-14 08:44:04.931root 11241100x80000000000000001741429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8eaff3b3659352f2022-02-14 08:44:04.931root 11241100x80000000000000001741430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413bf08b20485c592022-02-14 08:44:04.931root 11241100x80000000000000001741431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df7fdf4b5d9cef02022-02-14 08:44:04.931root 11241100x80000000000000001741432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1267d08ed8b305152022-02-14 08:44:04.931root 11241100x80000000000000001741433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cacf3ccd12e6a912022-02-14 08:44:04.931root 11241100x80000000000000001741434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d88e3376c8acb02022-02-14 08:44:04.931root 11241100x80000000000000001741435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27521b812341ed912022-02-14 08:44:04.931root 11241100x80000000000000001741436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45e68798c56cefc2022-02-14 08:44:04.931root 11241100x80000000000000001741437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6660a6aeb432492022-02-14 08:44:04.932root 11241100x80000000000000001741438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b55e488a3371e82022-02-14 08:44:04.932root 11241100x80000000000000001741439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381c383c05d22ae52022-02-14 08:44:04.932root 11241100x80000000000000001741440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5289cff8704deca52022-02-14 08:44:04.932root 11241100x80000000000000001741441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d417002ad8ff9ef52022-02-14 08:44:04.932root 11241100x80000000000000001741442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455dffd7fb18d4a42022-02-14 08:44:04.932root 11241100x80000000000000001741443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64e4f45e18efa362022-02-14 08:44:04.932root 11241100x80000000000000001741444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aadfd2839c46fa22022-02-14 08:44:04.932root 11241100x80000000000000001741445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deaad4ec2be44fcd2022-02-14 08:44:04.932root 11241100x80000000000000001741446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f077f7049f82dac62022-02-14 08:44:04.932root 11241100x80000000000000001741447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35bfe81fd2fc2682022-02-14 08:44:04.932root 11241100x80000000000000001741448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfa2f165df9c2672022-02-14 08:44:04.932root 11241100x80000000000000001741449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e53bb6042bc4842022-02-14 08:44:04.932root 11241100x80000000000000001741450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f29a4e7e6d2ce72022-02-14 08:44:04.932root 11241100x80000000000000001741451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d220f082aef6dd92022-02-14 08:44:04.933root 11241100x80000000000000001741452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127a5a4225ea5b222022-02-14 08:44:04.933root 11241100x80000000000000001741453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443da1328ddce1e52022-02-14 08:44:04.933root 11241100x80000000000000001741454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b6ed8a35c0b8d02022-02-14 08:44:04.933root 11241100x80000000000000001741455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3664bc5bbe30e7762022-02-14 08:44:04.933root 11241100x80000000000000001741456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1c03fe60c665492022-02-14 08:44:04.933root 11241100x80000000000000001741457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54a04816a88f6462022-02-14 08:44:04.933root 11241100x80000000000000001741458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3613ee62fe712d5c2022-02-14 08:44:04.933root 11241100x80000000000000001741459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c013e523ca6b332022-02-14 08:44:04.933root 11241100x80000000000000001741460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e923bf14cf36d12022-02-14 08:44:04.933root 11241100x80000000000000001741461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a992e32ae8b49f472022-02-14 08:44:04.933root 11241100x80000000000000001741462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:04.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca548893690063d2022-02-14 08:44:04.934root 11241100x80000000000000001741463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a66fe49449918d2022-02-14 08:44:05.431root 11241100x80000000000000001741464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e1240132e8ff782022-02-14 08:44:05.431root 11241100x80000000000000001741465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b61ecec950db63f2022-02-14 08:44:05.431root 11241100x80000000000000001741466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ca6b68d78487252022-02-14 08:44:05.431root 11241100x80000000000000001741467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42543e9320dca0082022-02-14 08:44:05.431root 11241100x80000000000000001741468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013f9398196ad55b2022-02-14 08:44:05.431root 11241100x80000000000000001741469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9ee99c03f815bc2022-02-14 08:44:05.432root 11241100x80000000000000001741470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5179b29ca4917a712022-02-14 08:44:05.432root 11241100x80000000000000001741471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0c12766c931fd52022-02-14 08:44:05.432root 11241100x80000000000000001741472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc18ad6ac39092ff2022-02-14 08:44:05.432root 11241100x80000000000000001741473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd037cb71fb5a852022-02-14 08:44:05.432root 11241100x80000000000000001741474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4a43f87b952e8e2022-02-14 08:44:05.432root 11241100x80000000000000001741475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe920f462645b5f2022-02-14 08:44:05.432root 11241100x80000000000000001741476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13e8ea78d915c7c2022-02-14 08:44:05.432root 11241100x80000000000000001741477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298a223c82e420042022-02-14 08:44:05.432root 11241100x80000000000000001741478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92994cf077796a22022-02-14 08:44:05.432root 11241100x80000000000000001741479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5998f5e838fe870e2022-02-14 08:44:05.432root 11241100x80000000000000001741480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973edad8016404ae2022-02-14 08:44:05.433root 11241100x80000000000000001741481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07794309dcf94822022-02-14 08:44:05.433root 11241100x80000000000000001741482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd3e33ff73f6ade2022-02-14 08:44:05.433root 11241100x80000000000000001741483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be82e5155762f72e2022-02-14 08:44:05.433root 11241100x80000000000000001741484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cf5d4d2f0e28a52022-02-14 08:44:05.433root 11241100x80000000000000001741485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603145c5b032e7972022-02-14 08:44:05.434root 11241100x80000000000000001741486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30775ab52da4236a2022-02-14 08:44:05.434root 11241100x80000000000000001741487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6722b14cd9770e3b2022-02-14 08:44:05.434root 11241100x80000000000000001741488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c2a1a9e5ed95322022-02-14 08:44:05.434root 11241100x80000000000000001741489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af75a4ddc3ba59b12022-02-14 08:44:05.434root 11241100x80000000000000001741490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f86f020993de8e2022-02-14 08:44:05.435root 11241100x80000000000000001741491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e72bcca990b83c2022-02-14 08:44:05.435root 11241100x80000000000000001741492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae4e1e140ac40212022-02-14 08:44:05.435root 11241100x80000000000000001741493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af961a2d6b4b492c2022-02-14 08:44:05.435root 11241100x80000000000000001741494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796d5df948f2ed6d2022-02-14 08:44:05.436root 11241100x80000000000000001741495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a1655336f656c42022-02-14 08:44:05.436root 11241100x80000000000000001741496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb984390871757fc2022-02-14 08:44:05.436root 11241100x80000000000000001741497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b9967b76effbd02022-02-14 08:44:05.436root 11241100x80000000000000001741498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeed5b726cc8a7962022-02-14 08:44:05.931root 11241100x80000000000000001741499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8599a8718ae98ce22022-02-14 08:44:05.931root 11241100x80000000000000001741500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ff1777e4c623452022-02-14 08:44:05.931root 11241100x80000000000000001741501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b070daf78bfb3ff42022-02-14 08:44:05.931root 11241100x80000000000000001741502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68d9971de9060852022-02-14 08:44:05.931root 11241100x80000000000000001741503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd37e74ad304a2d2022-02-14 08:44:05.931root 11241100x80000000000000001741504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde5a6352ad61b232022-02-14 08:44:05.932root 11241100x80000000000000001741505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664850772be2a3ed2022-02-14 08:44:05.932root 11241100x80000000000000001741506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a550a5764e22912022-02-14 08:44:05.932root 11241100x80000000000000001741507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e521fc607676c452022-02-14 08:44:05.932root 11241100x80000000000000001741508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dea24564bb192e2022-02-14 08:44:05.932root 11241100x80000000000000001741509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527c192b912e3ed22022-02-14 08:44:05.932root 11241100x80000000000000001741510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1496da48014b18e52022-02-14 08:44:05.932root 11241100x80000000000000001741511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76b8e0d755c9e182022-02-14 08:44:05.932root 11241100x80000000000000001741512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b0be11e8f60d922022-02-14 08:44:05.932root 11241100x80000000000000001741513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2895fd4d8b6ad2222022-02-14 08:44:05.932root 11241100x80000000000000001741514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0ba5361173c4fa2022-02-14 08:44:05.932root 11241100x80000000000000001741515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c016c9006be4052022-02-14 08:44:05.932root 11241100x80000000000000001741516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac24b4ffe0f8e9b2022-02-14 08:44:05.933root 11241100x80000000000000001741517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3977fd6e6608e82022-02-14 08:44:05.933root 11241100x80000000000000001741518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7b2141ad1713c62022-02-14 08:44:05.933root 11241100x80000000000000001741519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf3aca2583a101b2022-02-14 08:44:05.933root 11241100x80000000000000001741520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392241c3a18ec4142022-02-14 08:44:05.933root 11241100x80000000000000001741521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8364ee7f593a093f2022-02-14 08:44:05.933root 11241100x80000000000000001741522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1334aae30c8dacd22022-02-14 08:44:05.933root 11241100x80000000000000001741523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf5b52b791951602022-02-14 08:44:05.933root 11241100x80000000000000001741524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209f350f8c7afd002022-02-14 08:44:05.933root 11241100x80000000000000001741525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ec22692dc49bb32022-02-14 08:44:05.933root 11241100x80000000000000001741526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7370dab63516465e2022-02-14 08:44:05.934root 11241100x80000000000000001741527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73828e15110738332022-02-14 08:44:05.934root 11241100x80000000000000001741528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffe9be5f4689c0d2022-02-14 08:44:05.934root 11241100x80000000000000001741529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22f32e67cf226de2022-02-14 08:44:05.934root 11241100x80000000000000001741530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe0d177446355b82022-02-14 08:44:05.934root 11241100x80000000000000001741531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56731c6816a2e4fa2022-02-14 08:44:05.934root 11241100x80000000000000001741532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:05.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed16c74d498215b42022-02-14 08:44:05.934root 354300x80000000000000001741533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.088{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51478-false10.0.1.12-8000- 11241100x80000000000000001741534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f9c3d33f9d2c9a2022-02-14 08:44:06.431root 11241100x80000000000000001741535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71fc87f5bcce8732022-02-14 08:44:06.431root 11241100x80000000000000001741536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d64ecd5d171ee6e2022-02-14 08:44:06.431root 11241100x80000000000000001741537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52aeaa0e85c09b02022-02-14 08:44:06.432root 11241100x80000000000000001741538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a16769fe2f64cd2022-02-14 08:44:06.432root 11241100x80000000000000001741539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42bb10a41c073d492022-02-14 08:44:06.432root 11241100x80000000000000001741540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6fa72188544de12022-02-14 08:44:06.432root 11241100x80000000000000001741541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639a917e3c970e6c2022-02-14 08:44:06.432root 11241100x80000000000000001741542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419a05d8b9be508e2022-02-14 08:44:06.432root 11241100x80000000000000001741543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1505b3ffd6f7b922022-02-14 08:44:06.432root 11241100x80000000000000001741544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d672272a9d46b0c62022-02-14 08:44:06.432root 11241100x80000000000000001741545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e289bf0c655a6cc42022-02-14 08:44:06.432root 11241100x80000000000000001741546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1752ae1d77f4b492022-02-14 08:44:06.432root 11241100x80000000000000001741547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4beabae4a04737192022-02-14 08:44:06.432root 11241100x80000000000000001741548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c600ea7e29c2291a2022-02-14 08:44:06.432root 11241100x80000000000000001741549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44eb19d3aad7d70f2022-02-14 08:44:06.432root 11241100x80000000000000001741550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481a5dedbdbcb1632022-02-14 08:44:06.433root 11241100x80000000000000001741551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d888693cf1e1c52022-02-14 08:44:06.433root 11241100x80000000000000001741552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffcf1171d78ec452022-02-14 08:44:06.433root 11241100x80000000000000001741553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc71e0d4d3bf6c912022-02-14 08:44:06.433root 11241100x80000000000000001741554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2584c1f4586099322022-02-14 08:44:06.433root 11241100x80000000000000001741555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825cc51c46d5e5ad2022-02-14 08:44:06.433root 11241100x80000000000000001741556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d6673f5a65e2252022-02-14 08:44:06.433root 11241100x80000000000000001741557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5191700fea4f215c2022-02-14 08:44:06.433root 11241100x80000000000000001741558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb43bd9752148c72022-02-14 08:44:06.433root 11241100x80000000000000001741559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c8706b10ec5b782022-02-14 08:44:06.435root 11241100x80000000000000001741560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db14772a24748f212022-02-14 08:44:06.435root 11241100x80000000000000001741561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d8677f967683192022-02-14 08:44:06.435root 11241100x80000000000000001741562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e563e15d2a1ab72022-02-14 08:44:06.435root 11241100x80000000000000001741563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28104bbe7f0f7fba2022-02-14 08:44:06.435root 11241100x80000000000000001741564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8c2694347106f42022-02-14 08:44:06.435root 11241100x80000000000000001741565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049124ecacb34f242022-02-14 08:44:06.435root 11241100x80000000000000001741566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4308cd257c5efae2022-02-14 08:44:06.435root 11241100x80000000000000001741567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bd91919578a9112022-02-14 08:44:06.435root 11241100x80000000000000001741568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75ac60c32cc87f82022-02-14 08:44:06.435root 11241100x80000000000000001741569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d48fd82d627e172022-02-14 08:44:06.435root 11241100x80000000000000001741570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4271a3c6f50bda2022-02-14 08:44:06.929root 11241100x80000000000000001741571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51443dd08ad034bd2022-02-14 08:44:06.930root 11241100x80000000000000001741572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56edc0b8a4e4d1d92022-02-14 08:44:06.930root 11241100x80000000000000001741573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830dcdca17c1c5ee2022-02-14 08:44:06.930root 11241100x80000000000000001741574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93acfac9340e174b2022-02-14 08:44:06.930root 11241100x80000000000000001741575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df44880f69559ce2022-02-14 08:44:06.930root 11241100x80000000000000001741576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23c1afbbc21e8712022-02-14 08:44:06.930root 11241100x80000000000000001741577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fb8fa7f0b690ef2022-02-14 08:44:06.930root 11241100x80000000000000001741578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b3615fb79409652022-02-14 08:44:06.930root 11241100x80000000000000001741579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09d159bce3573d52022-02-14 08:44:06.930root 11241100x80000000000000001741580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c891cdcfcb1ba8cf2022-02-14 08:44:06.930root 11241100x80000000000000001741581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8875a4f613e94a7f2022-02-14 08:44:06.930root 11241100x80000000000000001741582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3c43b40fb9f5822022-02-14 08:44:06.930root 11241100x80000000000000001741583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d36efb578465382022-02-14 08:44:06.931root 11241100x80000000000000001741584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d138b0336e375b182022-02-14 08:44:06.931root 11241100x80000000000000001741585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574d79e0b74c6e9a2022-02-14 08:44:06.931root 11241100x80000000000000001741586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e082434b413f50d2022-02-14 08:44:06.931root 11241100x80000000000000001741587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898b2fa32a62c6a12022-02-14 08:44:06.931root 11241100x80000000000000001741588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425fd93247a9c14f2022-02-14 08:44:06.931root 11241100x80000000000000001741589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453dad782be95ae52022-02-14 08:44:06.931root 11241100x80000000000000001741590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9f64ecc0145a092022-02-14 08:44:06.931root 11241100x80000000000000001741591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8e2d68c599c0d02022-02-14 08:44:06.931root 11241100x80000000000000001741592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b9fe7ee114f25d2022-02-14 08:44:06.931root 11241100x80000000000000001741593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e007bc1dba4df69f2022-02-14 08:44:06.931root 11241100x80000000000000001741594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c69e4fa8275f052022-02-14 08:44:06.931root 11241100x80000000000000001741595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe41657d7c2f8e12022-02-14 08:44:06.932root 11241100x80000000000000001741596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee42f47c386901702022-02-14 08:44:06.932root 11241100x80000000000000001741597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87803f1e7d5094e52022-02-14 08:44:06.932root 11241100x80000000000000001741598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cb05f3cc76f7912022-02-14 08:44:06.932root 11241100x80000000000000001741599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa56b81e6135ac5d2022-02-14 08:44:06.932root 11241100x80000000000000001741600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2478b7ad9d3bf32022-02-14 08:44:06.932root 11241100x80000000000000001741601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac851fdfcb3651f12022-02-14 08:44:06.932root 11241100x80000000000000001741602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e6063c85f41c0f2022-02-14 08:44:06.932root 11241100x80000000000000001741603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21d2efe586855b22022-02-14 08:44:06.932root 11241100x80000000000000001741604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64de11dab6b0e9e2022-02-14 08:44:06.933root 11241100x80000000000000001741605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c2198fff7dcbf12022-02-14 08:44:06.933root 11241100x80000000000000001741606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4aed09697140032022-02-14 08:44:06.933root 11241100x80000000000000001741607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f6ee3b57f4a2c62022-02-14 08:44:06.933root 11241100x80000000000000001741608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71eccf91e26cdf0b2022-02-14 08:44:06.933root 11241100x80000000000000001741609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756d07dd75bb80362022-02-14 08:44:06.933root 11241100x80000000000000001741610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28218af02e322ff2022-02-14 08:44:06.933root 11241100x80000000000000001741611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cd776e95898c6a2022-02-14 08:44:06.933root 11241100x80000000000000001741612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:06.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc11871a3d6268c2022-02-14 08:44:06.933root 11241100x80000000000000001741613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfbdea9e1a7960d2022-02-14 08:44:07.432root 11241100x80000000000000001741614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd8cf76a1f067332022-02-14 08:44:07.432root 11241100x80000000000000001741615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36965df2dc3608c92022-02-14 08:44:07.432root 11241100x80000000000000001741616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be247752bad56e42022-02-14 08:44:07.432root 11241100x80000000000000001741617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b1907f6ee73e582022-02-14 08:44:07.432root 11241100x80000000000000001741618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07797592e28448a92022-02-14 08:44:07.432root 11241100x80000000000000001741619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f858e9f2f17a4862022-02-14 08:44:07.432root 11241100x80000000000000001741620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc56a3db6bfd95b2022-02-14 08:44:07.432root 11241100x80000000000000001741621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcfdcc99f66cc532022-02-14 08:44:07.432root 11241100x80000000000000001741622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896a3e9dae59c27b2022-02-14 08:44:07.432root 11241100x80000000000000001741623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36eee4edf443b5672022-02-14 08:44:07.433root 11241100x80000000000000001741624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030c855f0215f1432022-02-14 08:44:07.433root 11241100x80000000000000001741625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89423e1593345fe2022-02-14 08:44:07.433root 11241100x80000000000000001741626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69ab4adbf5ea86f2022-02-14 08:44:07.433root 11241100x80000000000000001741627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398440161662ee512022-02-14 08:44:07.434root 11241100x80000000000000001741628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea490f38c77d6d82022-02-14 08:44:07.434root 11241100x80000000000000001741629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71aecfd7f29c32cc2022-02-14 08:44:07.434root 11241100x80000000000000001741630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e36fa5d321dfdea2022-02-14 08:44:07.434root 11241100x80000000000000001741631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009b0f8e2847074a2022-02-14 08:44:07.434root 11241100x80000000000000001741632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f220ac0bbeee2d2c2022-02-14 08:44:07.434root 11241100x80000000000000001741633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c331a39c4cdd6152022-02-14 08:44:07.434root 11241100x80000000000000001741634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ae117f8e3903272022-02-14 08:44:07.434root 11241100x80000000000000001741635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad992b5b11b79ea2022-02-14 08:44:07.434root 11241100x80000000000000001741636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93583e6bcc2c07972022-02-14 08:44:07.434root 11241100x80000000000000001741637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02abeccac9c4792d2022-02-14 08:44:07.434root 11241100x80000000000000001741638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00640438f1e984192022-02-14 08:44:07.434root 11241100x80000000000000001741639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37860bdeeaee64702022-02-14 08:44:07.435root 11241100x80000000000000001741640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ee3db4423ca7062022-02-14 08:44:07.435root 11241100x80000000000000001741641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac4720c59b282272022-02-14 08:44:07.436root 11241100x80000000000000001741642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212b3b369491ea512022-02-14 08:44:07.436root 11241100x80000000000000001741643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985392263e2f0c882022-02-14 08:44:07.436root 11241100x80000000000000001741644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dff5fecccca9f32022-02-14 08:44:07.436root 11241100x80000000000000001741645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a82ec3fcf4c2a892022-02-14 08:44:07.436root 11241100x80000000000000001741646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240a2d27e778aec42022-02-14 08:44:07.436root 11241100x80000000000000001741647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1b5bd68fc8aef12022-02-14 08:44:07.436root 11241100x80000000000000001741648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9636de7f4d5828f82022-02-14 08:44:07.436root 11241100x80000000000000001741649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a42586e45072c42022-02-14 08:44:07.931root 11241100x80000000000000001741650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5dc378227521c12022-02-14 08:44:07.931root 11241100x80000000000000001741651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136891ec9e053ab42022-02-14 08:44:07.931root 11241100x80000000000000001741652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0a4f1fac2a35632022-02-14 08:44:07.931root 11241100x80000000000000001741653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffcccabb8fcf0a52022-02-14 08:44:07.931root 11241100x80000000000000001741654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0489db6ec5b0dc62022-02-14 08:44:07.931root 11241100x80000000000000001741655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f911a82d673e7f192022-02-14 08:44:07.932root 11241100x80000000000000001741656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5026b6ac93e816fb2022-02-14 08:44:07.932root 11241100x80000000000000001741657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030cf5c4d641d2682022-02-14 08:44:07.932root 11241100x80000000000000001741658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf96bf45034c7092022-02-14 08:44:07.932root 11241100x80000000000000001741659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94569be217e390fe2022-02-14 08:44:07.932root 11241100x80000000000000001741660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4239507806d5742022-02-14 08:44:07.935root 11241100x80000000000000001741661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d449a388e718c5ba2022-02-14 08:44:07.935root 11241100x80000000000000001741662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5615c2ba472ac6b2022-02-14 08:44:07.935root 11241100x80000000000000001741663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5d31f1ee7a04792022-02-14 08:44:07.935root 11241100x80000000000000001741664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a535a34b08121f2022-02-14 08:44:07.935root 11241100x80000000000000001741665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e2ee06dbec9e202022-02-14 08:44:07.935root 11241100x80000000000000001741666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9928168ed02ca32022-02-14 08:44:07.936root 11241100x80000000000000001741667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d08ca3828e2b4892022-02-14 08:44:07.936root 11241100x80000000000000001741668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963a40002e09c8d52022-02-14 08:44:07.936root 11241100x80000000000000001741669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fef976e103b6a42022-02-14 08:44:07.936root 11241100x80000000000000001741670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03063381d12fb2762022-02-14 08:44:07.936root 11241100x80000000000000001741671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa5598955ff6bcb2022-02-14 08:44:07.936root 11241100x80000000000000001741672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e9b357eb1ebd4f2022-02-14 08:44:07.936root 11241100x80000000000000001741673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd971968cfc11ea32022-02-14 08:44:07.936root 11241100x80000000000000001741674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810c0697df129a642022-02-14 08:44:07.936root 11241100x80000000000000001741675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ed176a570dcc7c2022-02-14 08:44:07.936root 11241100x80000000000000001741676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fd6a246c0931592022-02-14 08:44:07.936root 11241100x80000000000000001741677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46827f41e37dfea2022-02-14 08:44:07.936root 11241100x80000000000000001741678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70605c1dc12df9b2022-02-14 08:44:07.936root 11241100x80000000000000001741679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98783a195d3b14ac2022-02-14 08:44:07.936root 11241100x80000000000000001741680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23f9f1b8b3b2c9e2022-02-14 08:44:07.936root 11241100x80000000000000001741681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db185708b0798812022-02-14 08:44:07.937root 11241100x80000000000000001741682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d39bf8213f0d1ab2022-02-14 08:44:07.937root 11241100x80000000000000001741683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45be1e8f6a63759c2022-02-14 08:44:07.937root 11241100x80000000000000001741684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:07.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486a51fb1f73dbae2022-02-14 08:44:07.937root 11241100x80000000000000001741685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9ed70f18b5d0312022-02-14 08:44:08.431root 11241100x80000000000000001741686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c376cc50aa3e0b602022-02-14 08:44:08.431root 11241100x80000000000000001741687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab47defda084a6e2022-02-14 08:44:08.431root 11241100x80000000000000001741688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5a93defa4af3202022-02-14 08:44:08.431root 11241100x80000000000000001741689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0063e778bcc13ed42022-02-14 08:44:08.431root 11241100x80000000000000001741690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62b29a7315854572022-02-14 08:44:08.431root 11241100x80000000000000001741691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e544a994b34d78d62022-02-14 08:44:08.431root 11241100x80000000000000001741692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7385fbba982a9a452022-02-14 08:44:08.431root 11241100x80000000000000001741693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75c8c26a8677ea32022-02-14 08:44:08.432root 11241100x80000000000000001741694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3434447010e3c2f42022-02-14 08:44:08.432root 11241100x80000000000000001741695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f387bed38e93342022-02-14 08:44:08.432root 11241100x80000000000000001741696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9d4d884e0b8e622022-02-14 08:44:08.432root 11241100x80000000000000001741697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b90fa0a0c558cf2022-02-14 08:44:08.432root 11241100x80000000000000001741698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8279b8f4ca932aec2022-02-14 08:44:08.432root 11241100x80000000000000001741699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4163fac7e51dd0272022-02-14 08:44:08.432root 11241100x80000000000000001741700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c71788a1013d7b2022-02-14 08:44:08.432root 11241100x80000000000000001741701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311831ca79c625742022-02-14 08:44:08.432root 11241100x80000000000000001741702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20209019a15cc762022-02-14 08:44:08.432root 11241100x80000000000000001741703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f594f3d17e975ae92022-02-14 08:44:08.432root 11241100x80000000000000001741704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037c3873150355002022-02-14 08:44:08.432root 11241100x80000000000000001741705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66154dc5de7fe59d2022-02-14 08:44:08.432root 11241100x80000000000000001741706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3561069a6e651a4b2022-02-14 08:44:08.433root 11241100x80000000000000001741707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadea648bca622932022-02-14 08:44:08.433root 11241100x80000000000000001741708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4826a39737f72ee22022-02-14 08:44:08.433root 11241100x80000000000000001741709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff695f6d47c2f912022-02-14 08:44:08.433root 11241100x80000000000000001741710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9513ce703cdeb24d2022-02-14 08:44:08.433root 11241100x80000000000000001741711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571698e1aff7385d2022-02-14 08:44:08.433root 11241100x80000000000000001741712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bed0ed60aa8306c2022-02-14 08:44:08.433root 11241100x80000000000000001741713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67043d944b2abb8d2022-02-14 08:44:08.433root 11241100x80000000000000001741714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c935483f4e8f18a2022-02-14 08:44:08.433root 11241100x80000000000000001741715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892d0267c2a19f8e2022-02-14 08:44:08.433root 11241100x80000000000000001741716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc24909d528dbb972022-02-14 08:44:08.433root 11241100x80000000000000001741717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f9ad6a696f63ce2022-02-14 08:44:08.433root 11241100x80000000000000001741718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fde351a9d012d32022-02-14 08:44:08.436root 11241100x80000000000000001741719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80e816cd8cb1e282022-02-14 08:44:08.436root 11241100x80000000000000001741720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b228f92ac3c92f852022-02-14 08:44:08.437root 11241100x80000000000000001741721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67065d8b7cce31e82022-02-14 08:44:08.931root 11241100x80000000000000001741722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dd2a5d2f6b63b42022-02-14 08:44:08.931root 11241100x80000000000000001741723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0c148de2a18dd82022-02-14 08:44:08.931root 11241100x80000000000000001741724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85bc484e9a6bb302022-02-14 08:44:08.931root 11241100x80000000000000001741725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eddc6183fc0b42102022-02-14 08:44:08.931root 11241100x80000000000000001741726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f30bd44de66fb212022-02-14 08:44:08.931root 11241100x80000000000000001741727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0516983efdecdc2022-02-14 08:44:08.932root 11241100x80000000000000001741728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcddd3e4a42f8c32022-02-14 08:44:08.932root 11241100x80000000000000001741729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16bdfcf7be2ee912022-02-14 08:44:08.932root 11241100x80000000000000001741730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa445ae5faa87fe2022-02-14 08:44:08.932root 11241100x80000000000000001741731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a968c2c1bf39bc82022-02-14 08:44:08.932root 11241100x80000000000000001741732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12eef49352209772022-02-14 08:44:08.932root 11241100x80000000000000001741733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5bddad9a2abcf72022-02-14 08:44:08.932root 11241100x80000000000000001741734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2280ca73ceaad1532022-02-14 08:44:08.932root 11241100x80000000000000001741735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba68e57d7703568e2022-02-14 08:44:08.932root 11241100x80000000000000001741736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7830f04f07c67a72022-02-14 08:44:08.932root 11241100x80000000000000001741737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac739237efbc6ac02022-02-14 08:44:08.932root 11241100x80000000000000001741738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ef1ccc2bc58e452022-02-14 08:44:08.932root 11241100x80000000000000001741739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c400ff150840039a2022-02-14 08:44:08.932root 11241100x80000000000000001741740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df00e8c0c615e3082022-02-14 08:44:08.933root 11241100x80000000000000001741741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c8cd57c45e09ec2022-02-14 08:44:08.933root 11241100x80000000000000001741742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbd0864c525f2a12022-02-14 08:44:08.933root 11241100x80000000000000001741743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75406fb728f705fd2022-02-14 08:44:08.933root 11241100x80000000000000001741744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e0c45fc30bfb5a2022-02-14 08:44:08.933root 11241100x80000000000000001741745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3683c10200eda072022-02-14 08:44:08.933root 11241100x80000000000000001741746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840b37acd2aae8b52022-02-14 08:44:08.933root 11241100x80000000000000001741747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7774e0d5c659c02022-02-14 08:44:08.933root 11241100x80000000000000001741748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f5889ef15055fe2022-02-14 08:44:08.933root 11241100x80000000000000001741749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cab388a573bd9992022-02-14 08:44:08.934root 11241100x80000000000000001741750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe772f59463439212022-02-14 08:44:08.934root 11241100x80000000000000001741751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0250dc8d18741cdc2022-02-14 08:44:08.934root 11241100x80000000000000001741752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea500c324f292232022-02-14 08:44:08.934root 11241100x80000000000000001741753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a86977d57d7fe02022-02-14 08:44:08.934root 11241100x80000000000000001741754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fad3620970544112022-02-14 08:44:08.934root 11241100x80000000000000001741755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b196a916ef67e872022-02-14 08:44:08.934root 11241100x80000000000000001741756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:08.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208adaa98fbb11782022-02-14 08:44:08.934root 11241100x80000000000000001741757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a13250ed375ba2a2022-02-14 08:44:09.430root 11241100x80000000000000001741758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a379c3d9a162c162022-02-14 08:44:09.430root 11241100x80000000000000001741759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99f260a2d857cb42022-02-14 08:44:09.430root 11241100x80000000000000001741760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71b357c62ab6b732022-02-14 08:44:09.430root 11241100x80000000000000001741761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10077f5711f82c92022-02-14 08:44:09.430root 11241100x80000000000000001741762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47177adc8a7cb882022-02-14 08:44:09.430root 11241100x80000000000000001741763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10801cc1832b1dc12022-02-14 08:44:09.430root 11241100x80000000000000001741764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5edb8c0b915db22022-02-14 08:44:09.430root 11241100x80000000000000001741765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f2d88e9c2420b32022-02-14 08:44:09.430root 11241100x80000000000000001741766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fa97d4e6d4ec582022-02-14 08:44:09.431root 11241100x80000000000000001741767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45c03a91b31aced2022-02-14 08:44:09.431root 11241100x80000000000000001741768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73a75c2b7bf3c232022-02-14 08:44:09.431root 11241100x80000000000000001741769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694dbba9fc750b7f2022-02-14 08:44:09.431root 11241100x80000000000000001741770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5010939dd335e4e02022-02-14 08:44:09.431root 11241100x80000000000000001741771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3109f6b783f40c2022-02-14 08:44:09.431root 11241100x80000000000000001741772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2479ebaa332f3aa32022-02-14 08:44:09.432root 11241100x80000000000000001741773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e287eb66bc0a0a2022-02-14 08:44:09.432root 11241100x80000000000000001741774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f7bc588b7353ef2022-02-14 08:44:09.432root 11241100x80000000000000001741775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4215b349494cdfa72022-02-14 08:44:09.432root 11241100x80000000000000001741776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6182e72f85f0f1432022-02-14 08:44:09.432root 11241100x80000000000000001741777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cd07701722629d2022-02-14 08:44:09.433root 11241100x80000000000000001741778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03dc9110bbbc3302022-02-14 08:44:09.433root 11241100x80000000000000001741779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1f9363ab821bc92022-02-14 08:44:09.433root 11241100x80000000000000001741780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dc21485ce2bbb42022-02-14 08:44:09.433root 11241100x80000000000000001741781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9528dde0c3d8fa382022-02-14 08:44:09.433root 11241100x80000000000000001741782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1390b425c9f3a02022-02-14 08:44:09.434root 11241100x80000000000000001741783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869cc0348db21bd42022-02-14 08:44:09.434root 11241100x80000000000000001741784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f83892d078b59c2022-02-14 08:44:09.434root 11241100x80000000000000001741785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63cdeb37af642ec2022-02-14 08:44:09.434root 11241100x80000000000000001741786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ef548b2ba72e172022-02-14 08:44:09.434root 11241100x80000000000000001741787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de76604bf001b7d2022-02-14 08:44:09.435root 11241100x80000000000000001741788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f041a2c35553f7d2022-02-14 08:44:09.435root 11241100x80000000000000001741789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38230bb0e09e3fe62022-02-14 08:44:09.435root 11241100x80000000000000001741790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68d1902d2e8afac2022-02-14 08:44:09.435root 11241100x80000000000000001741791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cb588e0886e2772022-02-14 08:44:09.436root 11241100x80000000000000001741792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24f7bda1f4628882022-02-14 08:44:09.436root 11241100x80000000000000001741793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9fbda0bdae08a32022-02-14 08:44:09.436root 11241100x80000000000000001741794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e1fa3079b227042022-02-14 08:44:09.436root 11241100x80000000000000001741795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6e7191f86f7e7b2022-02-14 08:44:09.436root 11241100x80000000000000001741796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a14f39c2d12bf392022-02-14 08:44:09.436root 11241100x80000000000000001741797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffbad564500c3a42022-02-14 08:44:09.436root 11241100x80000000000000001741798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f700b11b74ca12762022-02-14 08:44:09.436root 11241100x80000000000000001741799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091dfb7291406f332022-02-14 08:44:09.436root 11241100x80000000000000001741800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d798e95c03213ae2022-02-14 08:44:09.930root 11241100x80000000000000001741801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367fd51566e576ad2022-02-14 08:44:09.930root 11241100x80000000000000001741802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb2dc99e8084faf2022-02-14 08:44:09.931root 11241100x80000000000000001741803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dfe37d9763efc92022-02-14 08:44:09.931root 11241100x80000000000000001741804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ff7ec00343bedc2022-02-14 08:44:09.932root 11241100x80000000000000001741805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19ce187c72dea752022-02-14 08:44:09.932root 11241100x80000000000000001741806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fb55c0f0189f7f2022-02-14 08:44:09.932root 11241100x80000000000000001741807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2873cbf8fdb6b8f42022-02-14 08:44:09.932root 11241100x80000000000000001741808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5176eb45e8db45132022-02-14 08:44:09.933root 11241100x80000000000000001741809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94ae2c99ffed9f62022-02-14 08:44:09.933root 11241100x80000000000000001741810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f36334344fb7dcf2022-02-14 08:44:09.933root 11241100x80000000000000001741811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a62ded154cbc7032022-02-14 08:44:09.934root 11241100x80000000000000001741812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c75e1d2d92192a2022-02-14 08:44:09.935root 11241100x80000000000000001741813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed21f11c0c4426ca2022-02-14 08:44:09.935root 11241100x80000000000000001741814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bebc4ddbd25a3cf2022-02-14 08:44:09.935root 11241100x80000000000000001741815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9e1fe6a669fa472022-02-14 08:44:09.936root 11241100x80000000000000001741816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6d67a1a87035b82022-02-14 08:44:09.936root 11241100x80000000000000001741817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecab4c37fec096e2022-02-14 08:44:09.936root 11241100x80000000000000001741818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be98faf0e12af7dd2022-02-14 08:44:09.936root 11241100x80000000000000001741819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5110289f2c33efed2022-02-14 08:44:09.936root 11241100x80000000000000001741820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c7f38cee99b2452022-02-14 08:44:09.936root 11241100x80000000000000001741821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ade186dd2b91e22022-02-14 08:44:09.936root 11241100x80000000000000001741822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40bd9db63e4807e2022-02-14 08:44:09.936root 11241100x80000000000000001741823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f07c676412050b72022-02-14 08:44:09.936root 11241100x80000000000000001741824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821904922aea51be2022-02-14 08:44:09.936root 11241100x80000000000000001741825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2426560c459510802022-02-14 08:44:09.937root 11241100x80000000000000001741826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e64779e7c7b97f22022-02-14 08:44:09.937root 11241100x80000000000000001741827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9627abc0031b56712022-02-14 08:44:09.937root 11241100x80000000000000001741828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6898eca259a862be2022-02-14 08:44:09.937root 11241100x80000000000000001741829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd7e58021a74b692022-02-14 08:44:09.937root 11241100x80000000000000001741830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e344b173f65c890d2022-02-14 08:44:09.937root 11241100x80000000000000001741831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254a257a919715cd2022-02-14 08:44:09.937root 11241100x80000000000000001741832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76868b5b8a7e5fc42022-02-14 08:44:09.937root 11241100x80000000000000001741833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122edf46abe2bfa32022-02-14 08:44:09.937root 11241100x80000000000000001741834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5445d14d0f7732992022-02-14 08:44:09.937root 11241100x80000000000000001741835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f886b183a80a3e2022-02-14 08:44:09.938root 11241100x80000000000000001741836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6d5d93c9568b642022-02-14 08:44:09.938root 11241100x80000000000000001741837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:09.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8c081e2a7979812022-02-14 08:44:09.938root 354300x80000000000000001741838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.207{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-54968-false10.0.1.12-8089- 11241100x80000000000000001741839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd4eebbcb1166e82022-02-14 08:44:10.208root 11241100x80000000000000001741840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260d79d5376144ef2022-02-14 08:44:10.208root 11241100x80000000000000001741841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ccf7580e34832d2022-02-14 08:44:10.208root 11241100x80000000000000001741842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4792df0486a829972022-02-14 08:44:10.208root 11241100x80000000000000001741843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56dd7501147be01e2022-02-14 08:44:10.208root 11241100x80000000000000001741844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5e8030715d05452022-02-14 08:44:10.208root 11241100x80000000000000001741845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523329608c99e8482022-02-14 08:44:10.208root 11241100x80000000000000001741846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c1f90fac3e65b12022-02-14 08:44:10.208root 11241100x80000000000000001741847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972cd1a3ab58a15f2022-02-14 08:44:10.209root 11241100x80000000000000001741848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725191f6f146edb12022-02-14 08:44:10.209root 11241100x80000000000000001741849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a684e334fba4bc2022-02-14 08:44:10.209root 11241100x80000000000000001741850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b4f37f1231058a2022-02-14 08:44:10.209root 11241100x80000000000000001741851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447a22daa83eb96a2022-02-14 08:44:10.209root 11241100x80000000000000001741852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a9e4c207ca56ff2022-02-14 08:44:10.209root 11241100x80000000000000001741853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da0bc035bf7370c2022-02-14 08:44:10.209root 11241100x80000000000000001741854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1b359cff8bfa8c2022-02-14 08:44:10.209root 11241100x80000000000000001741855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f790534b7a98c02022-02-14 08:44:10.210root 11241100x80000000000000001741856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ceaa9658184ea52022-02-14 08:44:10.210root 11241100x80000000000000001741857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392005f7a6c5e9fd2022-02-14 08:44:10.212root 11241100x80000000000000001741858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53120b9f5eed68f02022-02-14 08:44:10.212root 11241100x80000000000000001741859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9b94a6d0d85d5e2022-02-14 08:44:10.212root 11241100x80000000000000001741860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.212{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-02-14 08:44:10.212root 11241100x80000000000000001741861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3803bc7b2ee16e72022-02-14 08:44:10.212root 11241100x80000000000000001741862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e843ef264c992f852022-02-14 08:44:10.212root 11241100x80000000000000001741863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bd56352adb329f2022-02-14 08:44:10.212root 11241100x80000000000000001741864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ed9fec94bc6bb92022-02-14 08:44:10.213root 11241100x80000000000000001741865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb67d49feb4be3b2022-02-14 08:44:10.213root 11241100x80000000000000001741866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aebc5646f13ff152022-02-14 08:44:10.213root 11241100x80000000000000001741867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a645fe90324ac12022-02-14 08:44:10.213root 11241100x80000000000000001741868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4166349320eb92492022-02-14 08:44:10.213root 11241100x80000000000000001741869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4309a6af7dc3f682022-02-14 08:44:10.213root 11241100x80000000000000001741870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3c33a47e7546a02022-02-14 08:44:10.213root 11241100x80000000000000001741871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3a0c51c02899172022-02-14 08:44:10.213root 11241100x80000000000000001741872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a2bc14870382bf2022-02-14 08:44:10.213root 11241100x80000000000000001741873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff6935a326a81562022-02-14 08:44:10.214root 11241100x80000000000000001741874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0b89051db46ee12022-02-14 08:44:10.214root 11241100x80000000000000001741875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcb61d8147234142022-02-14 08:44:10.214root 11241100x80000000000000001741876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1feea427c08e4792022-02-14 08:44:10.214root 11241100x80000000000000001741877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f0399818de20162022-02-14 08:44:10.214root 11241100x80000000000000001741878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6b3cebdc159b652022-02-14 08:44:10.214root 11241100x80000000000000001741879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3a17b5059c17fb2022-02-14 08:44:10.214root 11241100x80000000000000001741880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061b1b3d6792b9e22022-02-14 08:44:10.214root 11241100x80000000000000001741881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d351feab784b2652022-02-14 08:44:10.214root 11241100x80000000000000001741882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1900a8d85dc0b10c2022-02-14 08:44:10.215root 11241100x80000000000000001741883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff16ab7d1f1bf7ed2022-02-14 08:44:10.215root 11241100x80000000000000001741884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007b4ceb9fde6d142022-02-14 08:44:10.215root 11241100x80000000000000001741885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6532a0509b85212022-02-14 08:44:10.215root 11241100x80000000000000001741886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04a3347125397cd2022-02-14 08:44:10.216root 11241100x80000000000000001741887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd7a2e85e88d9152022-02-14 08:44:10.216root 11241100x80000000000000001741888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac81fdcd94be9cf2022-02-14 08:44:10.216root 11241100x80000000000000001741889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b661c80d67e6282022-02-14 08:44:10.216root 11241100x80000000000000001741890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d84fb91b406c5ba2022-02-14 08:44:10.216root 11241100x80000000000000001741891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb03a85bac409432022-02-14 08:44:10.216root 11241100x80000000000000001741892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98702f74c6e830932022-02-14 08:44:10.216root 11241100x80000000000000001741893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52755c426179af302022-02-14 08:44:10.216root 11241100x80000000000000001741894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d380907964d078072022-02-14 08:44:10.216root 11241100x80000000000000001741895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ce011c323e98b82022-02-14 08:44:10.216root 11241100x80000000000000001741896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02bd7f25bf9b26f2022-02-14 08:44:10.216root 11241100x80000000000000001741897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385e858daa0d64152022-02-14 08:44:10.216root 11241100x80000000000000001741898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494caf9cb17535ab2022-02-14 08:44:10.216root 11241100x80000000000000001741899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cc9bec3db015ef2022-02-14 08:44:10.681root 11241100x80000000000000001741900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bd34be4dc06d7b2022-02-14 08:44:10.681root 11241100x80000000000000001741901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021f3ebee5232d292022-02-14 08:44:10.681root 11241100x80000000000000001741902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a331d56791f792b2022-02-14 08:44:10.681root 11241100x80000000000000001741903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f7bbd24068b7f42022-02-14 08:44:10.681root 11241100x80000000000000001741904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5599a400732216562022-02-14 08:44:10.681root 11241100x80000000000000001741905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f8a88535c852412022-02-14 08:44:10.681root 11241100x80000000000000001741906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fef79c2309139fe2022-02-14 08:44:10.681root 11241100x80000000000000001741907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd9beb86f048be22022-02-14 08:44:10.681root 11241100x80000000000000001741908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e5ecdec1b5ebcd2022-02-14 08:44:10.681root 11241100x80000000000000001741909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59aa91a75950a0d32022-02-14 08:44:10.682root 11241100x80000000000000001741910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf89d74e4d34d1a32022-02-14 08:44:10.682root 11241100x80000000000000001741911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e35ba5ac3184ded2022-02-14 08:44:10.682root 11241100x80000000000000001741912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b1bc4c75c6f39e2022-02-14 08:44:10.682root 11241100x80000000000000001741913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6afe88774d46ed2022-02-14 08:44:10.682root 11241100x80000000000000001741914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5965edd5ea6277ff2022-02-14 08:44:10.682root 11241100x80000000000000001741915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b112b23c7b49275c2022-02-14 08:44:10.682root 11241100x80000000000000001741916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae6f0200f61fac22022-02-14 08:44:10.682root 11241100x80000000000000001741917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32281efb6a2fc942022-02-14 08:44:10.682root 11241100x80000000000000001741918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb35a3b5bac5d6ee2022-02-14 08:44:10.682root 11241100x80000000000000001741919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5476b4905850bd2022-02-14 08:44:10.682root 11241100x80000000000000001741920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4ca2c293d0d5cc2022-02-14 08:44:10.682root 11241100x80000000000000001741921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119af09b3d7b33262022-02-14 08:44:10.682root 11241100x80000000000000001741922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32134d0b11a18992022-02-14 08:44:10.682root 11241100x80000000000000001741923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b61b1246dbfc922022-02-14 08:44:10.683root 11241100x80000000000000001741924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac09481e584814e2022-02-14 08:44:10.683root 11241100x80000000000000001741925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a54ea1a764ec88d2022-02-14 08:44:10.683root 11241100x80000000000000001741926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b06b4b23f549f62022-02-14 08:44:10.683root 11241100x80000000000000001741927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ef88c7fb6fd5d82022-02-14 08:44:10.683root 11241100x80000000000000001741928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25027042078a960e2022-02-14 08:44:10.683root 11241100x80000000000000001741929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c30be486160e4ec2022-02-14 08:44:10.683root 11241100x80000000000000001741930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71204eae98127de2022-02-14 08:44:10.683root 11241100x80000000000000001741931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1148347177efe12022-02-14 08:44:10.683root 11241100x80000000000000001741932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea092122c75d9b532022-02-14 08:44:10.686root 11241100x80000000000000001741933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2492a779f2cdeea2022-02-14 08:44:10.686root 11241100x80000000000000001741934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0e163b719a209d2022-02-14 08:44:10.686root 11241100x80000000000000001741935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46ed29a674649fb2022-02-14 08:44:10.687root 11241100x80000000000000001741936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:10.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985754ec8b141fe62022-02-14 08:44:10.687root 11241100x80000000000000001741937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbee4e5808f8aa52022-02-14 08:44:11.180root 11241100x80000000000000001741938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cee874a5702cba2022-02-14 08:44:11.180root 11241100x80000000000000001741939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b310bd7a3374be12022-02-14 08:44:11.180root 11241100x80000000000000001741940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b88de848375f07a2022-02-14 08:44:11.180root 11241100x80000000000000001741941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2baec0def49d23a52022-02-14 08:44:11.180root 11241100x80000000000000001741942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb18da20e9e23bb2022-02-14 08:44:11.181root 11241100x80000000000000001741943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a59655150cba94d2022-02-14 08:44:11.181root 11241100x80000000000000001741944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555de02323e15eb22022-02-14 08:44:11.181root 11241100x80000000000000001741945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148514c3a6ba783b2022-02-14 08:44:11.181root 11241100x80000000000000001741946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f19245615279b6a2022-02-14 08:44:11.181root 11241100x80000000000000001741947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f302f6b3d4c941b92022-02-14 08:44:11.181root 11241100x80000000000000001741948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2caa5820a918fe342022-02-14 08:44:11.181root 11241100x80000000000000001741949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ac0fdf434e6f2b2022-02-14 08:44:11.181root 11241100x80000000000000001741950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9ea84b791b61d42022-02-14 08:44:11.181root 11241100x80000000000000001741951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e497f5f98be6462022-02-14 08:44:11.181root 11241100x80000000000000001741952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817b8cef82ff71802022-02-14 08:44:11.182root 11241100x80000000000000001741953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a14cfc41a8d67bb2022-02-14 08:44:11.182root 11241100x80000000000000001741954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b24a8f4ae2885f2022-02-14 08:44:11.182root 11241100x80000000000000001741955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b3ebdaa88996dd2022-02-14 08:44:11.182root 11241100x80000000000000001741956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0e876b846ec98f2022-02-14 08:44:11.183root 11241100x80000000000000001741957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8890b61e55303582022-02-14 08:44:11.183root 11241100x80000000000000001741958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb6bff8a20c740d2022-02-14 08:44:11.183root 11241100x80000000000000001741959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e1e48cbbd9dfb22022-02-14 08:44:11.183root 11241100x80000000000000001741960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d423cf5067c037682022-02-14 08:44:11.183root 11241100x80000000000000001741961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c38c1412951afe22022-02-14 08:44:11.183root 11241100x80000000000000001741962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c41cbb6c539b162022-02-14 08:44:11.183root 11241100x80000000000000001741963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8503c448afa9902022-02-14 08:44:11.183root 11241100x80000000000000001741964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b6213d676ef6dd2022-02-14 08:44:11.183root 11241100x80000000000000001741965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d58762db60eb4b32022-02-14 08:44:11.183root 11241100x80000000000000001741966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a0abbd404e94d62022-02-14 08:44:11.184root 11241100x80000000000000001741967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a630c5722763972022-02-14 08:44:11.184root 11241100x80000000000000001741968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e1d1ffab384b042022-02-14 08:44:11.184root 11241100x80000000000000001741969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dd69eb11aaf0852022-02-14 08:44:11.184root 11241100x80000000000000001741970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff16f3d48836674c2022-02-14 08:44:11.184root 11241100x80000000000000001741971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e469ad7f8a34f752022-02-14 08:44:11.184root 11241100x80000000000000001741972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0bb5ddfb9c8efc2022-02-14 08:44:11.184root 11241100x80000000000000001741973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4008a36250643a82022-02-14 08:44:11.184root 11241100x80000000000000001741974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be1ecf10c586f5f2022-02-14 08:44:11.184root 11241100x80000000000000001741975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cb2ae99e7f7c4b2022-02-14 08:44:11.184root 11241100x80000000000000001741976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e687dfe46ad43d2022-02-14 08:44:11.184root 11241100x80000000000000001741977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0c874ade634e182022-02-14 08:44:11.184root 11241100x80000000000000001741978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7abc95a31721d8a2022-02-14 08:44:11.185root 11241100x80000000000000001741979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b263b231ae0ba1222022-02-14 08:44:11.185root 354300x80000000000000001741980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.250{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51482-false10.0.1.12-8000- 11241100x80000000000000001741981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ed04604c3a9d912022-02-14 08:44:11.680root 11241100x80000000000000001741982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a9cc943534ce6c2022-02-14 08:44:11.681root 11241100x80000000000000001741983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ad8223f8bc429b2022-02-14 08:44:11.681root 11241100x80000000000000001741984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c467ed822d7ea0562022-02-14 08:44:11.681root 11241100x80000000000000001741985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc0cf974e8e062c2022-02-14 08:44:11.681root 11241100x80000000000000001741986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53a15f4659b4c852022-02-14 08:44:11.681root 11241100x80000000000000001741987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99968cfd4b7b82872022-02-14 08:44:11.681root 11241100x80000000000000001741988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8e3f2647efbac02022-02-14 08:44:11.681root 11241100x80000000000000001741989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a570e8b21d68f04d2022-02-14 08:44:11.681root 11241100x80000000000000001741990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88341c7fde09e2072022-02-14 08:44:11.681root 11241100x80000000000000001741991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2efaf8af5a1521e2022-02-14 08:44:11.681root 11241100x80000000000000001741992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b1a50b684aa2512022-02-14 08:44:11.681root 11241100x80000000000000001741993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84c6902dfa128d12022-02-14 08:44:11.681root 11241100x80000000000000001741994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f73091ca475b0e2022-02-14 08:44:11.682root 11241100x80000000000000001741995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc4c4fee38afbce2022-02-14 08:44:11.682root 11241100x80000000000000001741996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2858cdf05c484862022-02-14 08:44:11.682root 11241100x80000000000000001741997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6f54d8f44a62f32022-02-14 08:44:11.682root 11241100x80000000000000001741998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d96ba8db27b2862022-02-14 08:44:11.682root 11241100x80000000000000001741999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e9fc9143a7e4f02022-02-14 08:44:11.682root 11241100x80000000000000001742000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a47dcad89380e42022-02-14 08:44:11.682root 11241100x80000000000000001742001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe41e5579f7ce4742022-02-14 08:44:11.682root 11241100x80000000000000001742002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f0bdb99312e6b82022-02-14 08:44:11.682root 11241100x80000000000000001742003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5316268887513ee22022-02-14 08:44:11.682root 11241100x80000000000000001742004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272493de192455872022-02-14 08:44:11.683root 11241100x80000000000000001742005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e2e6f97084ee772022-02-14 08:44:11.683root 11241100x80000000000000001742006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e6ceff557bd52d2022-02-14 08:44:11.683root 11241100x80000000000000001742007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1db2438e1a8d5e2022-02-14 08:44:11.683root 11241100x80000000000000001742008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dac87831b409fc2022-02-14 08:44:11.683root 11241100x80000000000000001742009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629237af01333c812022-02-14 08:44:11.683root 11241100x80000000000000001742010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf74effb535c28332022-02-14 08:44:11.683root 11241100x80000000000000001742011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df2ca881a17f8262022-02-14 08:44:11.683root 11241100x80000000000000001742012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e716736af0da0f2022-02-14 08:44:11.683root 11241100x80000000000000001742013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43179bb85537edf62022-02-14 08:44:11.683root 11241100x80000000000000001742014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8aae7f206604772022-02-14 08:44:11.683root 11241100x80000000000000001742015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5a0478931d3ebc2022-02-14 08:44:11.684root 11241100x80000000000000001742016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe42d6e4a109d61b2022-02-14 08:44:11.684root 11241100x80000000000000001742017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86afed09b8405852022-02-14 08:44:11.684root 11241100x80000000000000001742018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bb499cf925646b2022-02-14 08:44:11.684root 11241100x80000000000000001742019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a552f9fd9b4905702022-02-14 08:44:11.685root 11241100x80000000000000001742020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:11.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bc15fc31621fb32022-02-14 08:44:11.685root 11241100x80000000000000001742021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f12e6ebd43a98a62022-02-14 08:44:12.180root 11241100x80000000000000001742022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f1a62140dbbaf92022-02-14 08:44:12.180root 11241100x80000000000000001742023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c56c2d8a34e8b9b2022-02-14 08:44:12.180root 11241100x80000000000000001742024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c34c1a4a24e2ca42022-02-14 08:44:12.180root 11241100x80000000000000001742025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a795ce19ba4f3db62022-02-14 08:44:12.180root 11241100x80000000000000001742026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e625984dd1cac9d22022-02-14 08:44:12.180root 11241100x80000000000000001742027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86689759e94ea6f2022-02-14 08:44:12.180root 11241100x80000000000000001742028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e275d0a39a94fa2022-02-14 08:44:12.180root 11241100x80000000000000001742029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a5e26fcbd1c4ce2022-02-14 08:44:12.180root 11241100x80000000000000001742030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf02b1eaa7dd572c2022-02-14 08:44:12.181root 11241100x80000000000000001742031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7185d22bfe70ae472022-02-14 08:44:12.181root 11241100x80000000000000001742032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1926f120743bbc572022-02-14 08:44:12.181root 11241100x80000000000000001742033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65621b90ebe3aa522022-02-14 08:44:12.181root 11241100x80000000000000001742034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a99098444464c32022-02-14 08:44:12.182root 11241100x80000000000000001742035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b754d505d420d62022-02-14 08:44:12.182root 11241100x80000000000000001742036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4f78506f749c7a2022-02-14 08:44:12.182root 11241100x80000000000000001742037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8091ae48aafb0502022-02-14 08:44:12.182root 11241100x80000000000000001742038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c3fa8d3700c43b2022-02-14 08:44:12.182root 11241100x80000000000000001742039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f8bb4c64ad96152022-02-14 08:44:12.182root 11241100x80000000000000001742040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80caaa9bc0c6273e2022-02-14 08:44:12.182root 11241100x80000000000000001742041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b6909cce6f63e82022-02-14 08:44:12.183root 11241100x80000000000000001742042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75de6bed56ad00b22022-02-14 08:44:12.183root 11241100x80000000000000001742043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c26c93b338d79442022-02-14 08:44:12.183root 11241100x80000000000000001742044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962ef5ef2ebc25f32022-02-14 08:44:12.183root 11241100x80000000000000001742045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef29d08c0bbfeea2022-02-14 08:44:12.183root 11241100x80000000000000001742046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4daea160236edb472022-02-14 08:44:12.183root 11241100x80000000000000001742047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7767fa0dab860b82022-02-14 08:44:12.183root 11241100x80000000000000001742048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb21b2d2dcad86ed2022-02-14 08:44:12.183root 11241100x80000000000000001742049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2786a31fa4973152022-02-14 08:44:12.183root 11241100x80000000000000001742050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bc2a1d7e7f5e9f2022-02-14 08:44:12.183root 11241100x80000000000000001742051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b71829d1b91f552022-02-14 08:44:12.184root 11241100x80000000000000001742052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f276ff69292630142022-02-14 08:44:12.184root 11241100x80000000000000001742053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b01abbaedd8e0e2022-02-14 08:44:12.184root 11241100x80000000000000001742054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8393d4ebc39b0b2022-02-14 08:44:12.184root 11241100x80000000000000001742055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6852fc98397d6c2022-02-14 08:44:12.184root 11241100x80000000000000001742056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000ff03530c43cc72022-02-14 08:44:12.184root 11241100x80000000000000001742057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966ec8c6f7b9df452022-02-14 08:44:12.184root 11241100x80000000000000001742058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7014c8707d7cd7992022-02-14 08:44:12.184root 11241100x80000000000000001742059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2b09fe789decf12022-02-14 08:44:12.184root 11241100x80000000000000001742060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b7e57b39b93dbe2022-02-14 08:44:12.184root 11241100x80000000000000001742061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f772bd39f278e0412022-02-14 08:44:12.184root 11241100x80000000000000001742062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adbde7423cfdc172022-02-14 08:44:12.184root 11241100x80000000000000001742063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923fcadd960171342022-02-14 08:44:12.680root 11241100x80000000000000001742064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff4364c85b9873a2022-02-14 08:44:12.680root 11241100x80000000000000001742065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938f8ddbf161bb3a2022-02-14 08:44:12.680root 11241100x80000000000000001742066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6e4abedcb840702022-02-14 08:44:12.680root 11241100x80000000000000001742067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6535af923bea587c2022-02-14 08:44:12.681root 11241100x80000000000000001742068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2aad20f35140df02022-02-14 08:44:12.681root 11241100x80000000000000001742069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affedb7de912544c2022-02-14 08:44:12.681root 11241100x80000000000000001742070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63de4c64049f0fab2022-02-14 08:44:12.681root 11241100x80000000000000001742071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71552b0fc3fb50fa2022-02-14 08:44:12.681root 11241100x80000000000000001742072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5a3a8a42dce7262022-02-14 08:44:12.681root 11241100x80000000000000001742073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42f98af3e4c78202022-02-14 08:44:12.681root 11241100x80000000000000001742074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dedcb263e079d822022-02-14 08:44:12.681root 11241100x80000000000000001742075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6609e4ebda88e02022-02-14 08:44:12.682root 11241100x80000000000000001742076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690f276dd41ecf9d2022-02-14 08:44:12.682root 11241100x80000000000000001742077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bcd6d1d20f5ac32022-02-14 08:44:12.682root 11241100x80000000000000001742078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212474e740d026df2022-02-14 08:44:12.682root 11241100x80000000000000001742079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f970047d81cc483d2022-02-14 08:44:12.682root 11241100x80000000000000001742080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a82a7b641810ce52022-02-14 08:44:12.682root 11241100x80000000000000001742081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed67087ede5863e42022-02-14 08:44:12.683root 11241100x80000000000000001742082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4da313bdced9eba2022-02-14 08:44:12.683root 11241100x80000000000000001742083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e8a10e3e6e15f52022-02-14 08:44:12.683root 11241100x80000000000000001742084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e4641324a805672022-02-14 08:44:12.683root 11241100x80000000000000001742085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdef8f8d3ea112c32022-02-14 08:44:12.685root 11241100x80000000000000001742086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4a99a49b9953922022-02-14 08:44:12.686root 11241100x80000000000000001742087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bdc02dc37906f72022-02-14 08:44:12.686root 11241100x80000000000000001742088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f500dd45797915a72022-02-14 08:44:12.686root 11241100x80000000000000001742089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab272d1f2064cd9c2022-02-14 08:44:12.686root 11241100x80000000000000001742090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897d65ca936b35a62022-02-14 08:44:12.686root 11241100x80000000000000001742091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf429e445fb715f62022-02-14 08:44:12.686root 11241100x80000000000000001742092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc8258399118d982022-02-14 08:44:12.686root 11241100x80000000000000001742093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f637408a3a1c842022-02-14 08:44:12.686root 11241100x80000000000000001742094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e9435770d379772022-02-14 08:44:12.686root 11241100x80000000000000001742095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fee69eb6100fd0b2022-02-14 08:44:12.687root 11241100x80000000000000001742096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43f8afcc7a232762022-02-14 08:44:12.687root 11241100x80000000000000001742097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a32c7b008803352022-02-14 08:44:12.687root 11241100x80000000000000001742098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d81ec18224aaf82022-02-14 08:44:12.687root 11241100x80000000000000001742099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713de1e10035bdd32022-02-14 08:44:12.687root 11241100x80000000000000001742100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7eb195e8f91c782022-02-14 08:44:12.687root 11241100x80000000000000001742101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0376944e75b5a12022-02-14 08:44:12.687root 11241100x80000000000000001742102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28a410582d15abd2022-02-14 08:44:12.688root 11241100x80000000000000001742103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbcfcd678c379372022-02-14 08:44:12.688root 11241100x80000000000000001742104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c35c6c7811acbd72022-02-14 08:44:12.688root 11241100x80000000000000001742105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:12.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e47852fb6a94572022-02-14 08:44:12.688root 11241100x80000000000000001742106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9217bb960d3433ee2022-02-14 08:44:13.180root 11241100x80000000000000001742107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ab99ac6cf397fc2022-02-14 08:44:13.181root 11241100x80000000000000001742108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd09c6bfa6161602022-02-14 08:44:13.181root 11241100x80000000000000001742109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aeafadff5c3ccf02022-02-14 08:44:13.181root 11241100x80000000000000001742110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4099d7a486a032502022-02-14 08:44:13.181root 11241100x80000000000000001742111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0f4be23f28b7142022-02-14 08:44:13.181root 11241100x80000000000000001742112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f379e4e31df042322022-02-14 08:44:13.181root 11241100x80000000000000001742113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bca30934a54a62f2022-02-14 08:44:13.181root 11241100x80000000000000001742114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4550fc8dd5ee5d2022-02-14 08:44:13.181root 11241100x80000000000000001742115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bf980b8fda7a3a2022-02-14 08:44:13.182root 11241100x80000000000000001742116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa5166bd09917bd2022-02-14 08:44:13.182root 11241100x80000000000000001742117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c67b55097cf55772022-02-14 08:44:13.182root 11241100x80000000000000001742118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20dbb7d253ad1f5f2022-02-14 08:44:13.182root 11241100x80000000000000001742119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cb064e40f483822022-02-14 08:44:13.182root 11241100x80000000000000001742120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b57356662d04652022-02-14 08:44:13.182root 11241100x80000000000000001742121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4560a6155fbd9d6e2022-02-14 08:44:13.182root 11241100x80000000000000001742122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51cae9b9460d901f2022-02-14 08:44:13.182root 11241100x80000000000000001742123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57840978df049d12022-02-14 08:44:13.182root 11241100x80000000000000001742124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf992fd9034319f62022-02-14 08:44:13.182root 11241100x80000000000000001742125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91f981a5b9c4dcb2022-02-14 08:44:13.183root 11241100x80000000000000001742126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c18c90c888569422022-02-14 08:44:13.183root 11241100x80000000000000001742127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2faaae5d508ca02022-02-14 08:44:13.183root 11241100x80000000000000001742128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e459a27246616ac62022-02-14 08:44:13.183root 11241100x80000000000000001742129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d7bb893a13cd4f2022-02-14 08:44:13.183root 11241100x80000000000000001742130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc90f3f6f62f1e92022-02-14 08:44:13.183root 11241100x80000000000000001742131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3d618ce3c53b542022-02-14 08:44:13.183root 11241100x80000000000000001742132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f0d8f1d555ee542022-02-14 08:44:13.183root 11241100x80000000000000001742133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c263f2288782fd2c2022-02-14 08:44:13.183root 11241100x80000000000000001742134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea70adf2c0bd0f12022-02-14 08:44:13.183root 11241100x80000000000000001742135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f108a18cf8c81ac2022-02-14 08:44:13.183root 11241100x80000000000000001742136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4221232fad7ca3cd2022-02-14 08:44:13.183root 11241100x80000000000000001742137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76026e6cb83f722f2022-02-14 08:44:13.184root 11241100x80000000000000001742138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946ebe7cea26c58f2022-02-14 08:44:13.184root 11241100x80000000000000001742139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5006c825f0ddca42022-02-14 08:44:13.184root 11241100x80000000000000001742140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63bfafef34308502022-02-14 08:44:13.184root 11241100x80000000000000001742141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa3c96160e11a182022-02-14 08:44:13.184root 11241100x80000000000000001742142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ac502ff43d7cd92022-02-14 08:44:13.184root 11241100x80000000000000001742143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff273af95e4b3aec2022-02-14 08:44:13.184root 11241100x80000000000000001742144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6866bbdc2fd4b9902022-02-14 08:44:13.184root 11241100x80000000000000001742145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6c9812fea0d1ef2022-02-14 08:44:13.184root 11241100x80000000000000001742146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a44f1bf512ed0452022-02-14 08:44:13.184root 11241100x80000000000000001742147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf04c5c884904052022-02-14 08:44:13.184root 23542300x80000000000000001742148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.207{ec2ab09f-1002-620a-3078-922c7d550000}1328root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000001742149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ccdcb94d29c0c72022-02-14 08:44:13.680root 11241100x80000000000000001742150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329a9f3004e869f92022-02-14 08:44:13.680root 11241100x80000000000000001742151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f724e96c2eeb7ffe2022-02-14 08:44:13.680root 11241100x80000000000000001742152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe34c30fc2006db2022-02-14 08:44:13.680root 11241100x80000000000000001742153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1930ac15efd8e15b2022-02-14 08:44:13.680root 11241100x80000000000000001742154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bee9e3101e85fbc2022-02-14 08:44:13.680root 11241100x80000000000000001742155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75baf3ddb0ffc9662022-02-14 08:44:13.680root 11241100x80000000000000001742156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be9ebb7d84e2e032022-02-14 08:44:13.680root 11241100x80000000000000001742157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27632683df30b0492022-02-14 08:44:13.680root 11241100x80000000000000001742158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0845c37393ae7e2022-02-14 08:44:13.681root 11241100x80000000000000001742159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783ebcec8bb511fb2022-02-14 08:44:13.681root 11241100x80000000000000001742160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9490f3c72a4e7e22022-02-14 08:44:13.681root 11241100x80000000000000001742161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f45a9882d965012022-02-14 08:44:13.681root 11241100x80000000000000001742162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbee22eeafd776052022-02-14 08:44:13.681root 11241100x80000000000000001742163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d02fc94712f04f12022-02-14 08:44:13.681root 11241100x80000000000000001742164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e11467b6f65e512022-02-14 08:44:13.681root 11241100x80000000000000001742165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2276f227a5acac3d2022-02-14 08:44:13.681root 11241100x80000000000000001742166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb88b025cce020892022-02-14 08:44:13.681root 11241100x80000000000000001742167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1754d48151e5f1632022-02-14 08:44:13.682root 11241100x80000000000000001742168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a7eb9109df551d2022-02-14 08:44:13.682root 11241100x80000000000000001742169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db75b4a53012ea62022-02-14 08:44:13.682root 11241100x80000000000000001742170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bfc0969b2c88a12022-02-14 08:44:13.682root 11241100x80000000000000001742171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a91b0c1c8147cd2022-02-14 08:44:13.682root 11241100x80000000000000001742172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b47a27e593eea282022-02-14 08:44:13.682root 11241100x80000000000000001742173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454f7afe39eca2b32022-02-14 08:44:13.682root 11241100x80000000000000001742174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf064293a18e90a2022-02-14 08:44:13.682root 11241100x80000000000000001742175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c54095149ba309c2022-02-14 08:44:13.682root 11241100x80000000000000001742176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819f206e373fca172022-02-14 08:44:13.682root 11241100x80000000000000001742177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d4a67f54eb9f762022-02-14 08:44:13.682root 11241100x80000000000000001742178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316652e0d85ecd1a2022-02-14 08:44:13.683root 11241100x80000000000000001742179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a868e631f1ca9bab2022-02-14 08:44:13.683root 11241100x80000000000000001742180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30ad5c274d644be2022-02-14 08:44:13.683root 11241100x80000000000000001742181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e205e4dc9a7ae78e2022-02-14 08:44:13.683root 11241100x80000000000000001742182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8f76bdbe9d08fb2022-02-14 08:44:13.683root 11241100x80000000000000001742183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b3c1373683e95f2022-02-14 08:44:13.683root 11241100x80000000000000001742184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73291a1c848809f2022-02-14 08:44:13.683root 11241100x80000000000000001742185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ccca7c584276ed2022-02-14 08:44:13.683root 11241100x80000000000000001742186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f169d7e851f03ac72022-02-14 08:44:13.683root 11241100x80000000000000001742187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae52e7ab6d1eaae2022-02-14 08:44:13.683root 11241100x80000000000000001742188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6a7b9724944bc42022-02-14 08:44:13.683root 11241100x80000000000000001742189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace0d2e1d583b3a82022-02-14 08:44:13.684root 11241100x80000000000000001742190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14385b4c0828cb62022-02-14 08:44:13.684root 11241100x80000000000000001742191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805b8bc2c3f4d2b42022-02-14 08:44:13.684root 11241100x80000000000000001742192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904d3878bc3f41a22022-02-14 08:44:13.684root 11241100x80000000000000001742193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbe1fe9966484c62022-02-14 08:44:13.684root 11241100x80000000000000001742194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f52d91dd318fa8a2022-02-14 08:44:13.684root 11241100x80000000000000001742195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed633eb2f1fa6dd2022-02-14 08:44:13.684root 11241100x80000000000000001742196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3eff693c69b15a2022-02-14 08:44:13.684root 11241100x80000000000000001742197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225d8278e38201c12022-02-14 08:44:13.684root 11241100x80000000000000001742198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6bb475258d8bcd2022-02-14 08:44:13.684root 11241100x80000000000000001742199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18d47ead5f597e22022-02-14 08:44:13.684root 11241100x80000000000000001742200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62407ec9e3cc2ec2022-02-14 08:44:13.685root 11241100x80000000000000001742201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d93664c013619ef2022-02-14 08:44:13.685root 11241100x80000000000000001742202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f279f245ddee12c72022-02-14 08:44:13.685root 11241100x80000000000000001742203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db23b48fef8cca172022-02-14 08:44:13.685root 11241100x80000000000000001742204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2821fe4995be02a52022-02-14 08:44:13.685root 11241100x80000000000000001742205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc99a1fe14ff65c2022-02-14 08:44:13.685root 11241100x80000000000000001742206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba241103187f9392022-02-14 08:44:13.685root 11241100x80000000000000001742207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf2e6e015bb1f7b2022-02-14 08:44:13.685root 11241100x80000000000000001742208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:13.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcb43051dea8ab42022-02-14 08:44:13.686root 11241100x80000000000000001742209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca8bc1849abfa332022-02-14 08:44:14.180root 11241100x80000000000000001742210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55438b6f5eb6a25a2022-02-14 08:44:14.181root 11241100x80000000000000001742211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0681983f84ec4f2022-02-14 08:44:14.181root 11241100x80000000000000001742212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb91ba11461ea612022-02-14 08:44:14.181root 11241100x80000000000000001742213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6332d2ffbb810fa92022-02-14 08:44:14.181root 11241100x80000000000000001742214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5b765c7a2376902022-02-14 08:44:14.181root 11241100x80000000000000001742215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cbd3e0a1e308d72022-02-14 08:44:14.181root 11241100x80000000000000001742216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1ec862c16b61bb2022-02-14 08:44:14.181root 11241100x80000000000000001742217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06e5e78ee9ac23e2022-02-14 08:44:14.181root 11241100x80000000000000001742218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21da1188b12efe92022-02-14 08:44:14.182root 11241100x80000000000000001742219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f85c353e2c24952022-02-14 08:44:14.182root 11241100x80000000000000001742220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e748e859eadfb2d2022-02-14 08:44:14.182root 11241100x80000000000000001742221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef72c70364e41fc2022-02-14 08:44:14.182root 11241100x80000000000000001742222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6aad5b0955f1a4d2022-02-14 08:44:14.182root 11241100x80000000000000001742223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ed35cceeb75deb2022-02-14 08:44:14.182root 11241100x80000000000000001742224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61cc3a74dd638c12022-02-14 08:44:14.182root 11241100x80000000000000001742225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c897de440d52422022-02-14 08:44:14.182root 11241100x80000000000000001742226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6285a4a6723761652022-02-14 08:44:14.182root 11241100x80000000000000001742227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbc169730f6b0162022-02-14 08:44:14.182root 11241100x80000000000000001742228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d495c2466bc4402022-02-14 08:44:14.183root 11241100x80000000000000001742229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce74b4d11f5da772022-02-14 08:44:14.183root 11241100x80000000000000001742230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790699137244b7162022-02-14 08:44:14.183root 11241100x80000000000000001742231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7594f7b20fda3a8f2022-02-14 08:44:14.183root 11241100x80000000000000001742232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090b31f53d1810872022-02-14 08:44:14.183root 11241100x80000000000000001742233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5f4627cb9f10c42022-02-14 08:44:14.183root 11241100x80000000000000001742234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1359b5e4a894302022-02-14 08:44:14.183root 11241100x80000000000000001742235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56669ea53fab24612022-02-14 08:44:14.183root 11241100x80000000000000001742236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a55d2f162fc7572022-02-14 08:44:14.183root 11241100x80000000000000001742237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc74aab119fce782022-02-14 08:44:14.183root 11241100x80000000000000001742238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e34a20bbb6d35532022-02-14 08:44:14.183root 11241100x80000000000000001742239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d736f12c792ccfb2022-02-14 08:44:14.184root 11241100x80000000000000001742240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4462cd10edf20bb72022-02-14 08:44:14.184root 11241100x80000000000000001742241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aaa210d220258fd2022-02-14 08:44:14.184root 11241100x80000000000000001742242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b5c874346540972022-02-14 08:44:14.184root 11241100x80000000000000001742243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c00ad67bad44802022-02-14 08:44:14.184root 11241100x80000000000000001742244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dec389dac09055d2022-02-14 08:44:14.184root 11241100x80000000000000001742245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cf312fe24a8bb82022-02-14 08:44:14.184root 11241100x80000000000000001742246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcae428113b96de2022-02-14 08:44:14.184root 11241100x80000000000000001742247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2478d37bd4498c9a2022-02-14 08:44:14.185root 11241100x80000000000000001742248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56da99d6ad9c3c1b2022-02-14 08:44:14.185root 11241100x80000000000000001742249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0621c8c40c5973962022-02-14 08:44:14.680root 11241100x80000000000000001742250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f453e419368d382022-02-14 08:44:14.680root 11241100x80000000000000001742251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed5af1033f2d7922022-02-14 08:44:14.680root 11241100x80000000000000001742252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4169150b173665f02022-02-14 08:44:14.680root 11241100x80000000000000001742253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca13f7f7463a488b2022-02-14 08:44:14.681root 11241100x80000000000000001742254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca114def8524cbb2022-02-14 08:44:14.681root 11241100x80000000000000001742255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b0384c7fe6b5d22022-02-14 08:44:14.681root 11241100x80000000000000001742256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946d0ece9c9fff942022-02-14 08:44:14.681root 11241100x80000000000000001742257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007036c71f9aa1db2022-02-14 08:44:14.681root 11241100x80000000000000001742258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fdc6f5d2c94a022022-02-14 08:44:14.682root 11241100x80000000000000001742259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49054de53b603cb72022-02-14 08:44:14.682root 11241100x80000000000000001742260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97674464ba90e7b2022-02-14 08:44:14.682root 11241100x80000000000000001742261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c375a11ff2142cf2022-02-14 08:44:14.682root 11241100x80000000000000001742262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fe7152bea6a6942022-02-14 08:44:14.683root 11241100x80000000000000001742263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d655d30a27826492022-02-14 08:44:14.683root 11241100x80000000000000001742264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc521e02cf8350d2022-02-14 08:44:14.683root 11241100x80000000000000001742265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefca953f3e870462022-02-14 08:44:14.684root 11241100x80000000000000001742266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4b29013686e3c42022-02-14 08:44:14.684root 11241100x80000000000000001742267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34988fad8bf7a3222022-02-14 08:44:14.684root 11241100x80000000000000001742268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec85b33feb654952022-02-14 08:44:14.684root 11241100x80000000000000001742269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b71c47a86e5e362022-02-14 08:44:14.685root 11241100x80000000000000001742270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b1f0e4c5a9bfe02022-02-14 08:44:14.685root 11241100x80000000000000001742271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b82ea5ad7623b32022-02-14 08:44:14.685root 11241100x80000000000000001742272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7336498c2d204672022-02-14 08:44:14.686root 11241100x80000000000000001742273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e8b79db5859ee92022-02-14 08:44:14.686root 11241100x80000000000000001742274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae0cc955925829a2022-02-14 08:44:14.687root 11241100x80000000000000001742275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d56fc9defb173b2022-02-14 08:44:14.687root 11241100x80000000000000001742276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5b5d5f90729c712022-02-14 08:44:14.687root 11241100x80000000000000001742277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4108a0a43c0002322022-02-14 08:44:14.687root 11241100x80000000000000001742278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07a414a97cef6152022-02-14 08:44:14.687root 11241100x80000000000000001742279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a8039671f3f51d2022-02-14 08:44:14.687root 11241100x80000000000000001742280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b30589785af7c82022-02-14 08:44:14.687root 11241100x80000000000000001742281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b9e94fb80d4e342022-02-14 08:44:14.687root 11241100x80000000000000001742282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1591d21e9df825352022-02-14 08:44:14.687root 11241100x80000000000000001742283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c23498e2f3a2c0a2022-02-14 08:44:14.688root 11241100x80000000000000001742284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee59733fe36af5062022-02-14 08:44:14.688root 11241100x80000000000000001742285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568697bdec646c562022-02-14 08:44:14.688root 11241100x80000000000000001742286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01b5db7d00e1c732022-02-14 08:44:14.688root 11241100x80000000000000001742287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0c3712978553962022-02-14 08:44:14.688root 11241100x80000000000000001742288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826335a573fea52e2022-02-14 08:44:14.688root 11241100x80000000000000001742289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c593df3fec348c4d2022-02-14 08:44:14.688root 11241100x80000000000000001742290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d671d750ecd0f85e2022-02-14 08:44:14.688root 11241100x80000000000000001742291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5095547c14431a212022-02-14 08:44:14.688root 11241100x80000000000000001742292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd2283eb0b70ac52022-02-14 08:44:14.688root 11241100x80000000000000001742293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a860a10a3509a52022-02-14 08:44:14.688root 11241100x80000000000000001742294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5378c66939ebe932022-02-14 08:44:14.689root 11241100x80000000000000001742295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:14.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7675638687422b2022-02-14 08:44:14.689root 11241100x80000000000000001742296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9346ace180d9fbe02022-02-14 08:44:15.180root 11241100x80000000000000001742297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79e25204a5e3f352022-02-14 08:44:15.180root 11241100x80000000000000001742298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a807dda13cfb7ec12022-02-14 08:44:15.181root 11241100x80000000000000001742299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa103e73381b0ca2022-02-14 08:44:15.181root 11241100x80000000000000001742300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbf209cd0658ea22022-02-14 08:44:15.181root 11241100x80000000000000001742301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1290c9cadd39eee2022-02-14 08:44:15.181root 11241100x80000000000000001742302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705f712427783bc42022-02-14 08:44:15.181root 11241100x80000000000000001742303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e4db03587a61aa2022-02-14 08:44:15.181root 11241100x80000000000000001742304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e05ebdaed3a7de2022-02-14 08:44:15.181root 11241100x80000000000000001742305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f0047f57bf79302022-02-14 08:44:15.182root 11241100x80000000000000001742306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4e04116c3485eb2022-02-14 08:44:15.182root 11241100x80000000000000001742307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517caaf094138fdf2022-02-14 08:44:15.182root 11241100x80000000000000001742308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6f4e253f2f25162022-02-14 08:44:15.182root 11241100x80000000000000001742309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df71e693f4dc722e2022-02-14 08:44:15.182root 11241100x80000000000000001742310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071f8854393703912022-02-14 08:44:15.182root 11241100x80000000000000001742311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2da37aeb05039452022-02-14 08:44:15.182root 11241100x80000000000000001742312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a27cb0f04fba6842022-02-14 08:44:15.182root 11241100x80000000000000001742313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5644804f4829d02022-02-14 08:44:15.182root 11241100x80000000000000001742314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b66551c892c7cf42022-02-14 08:44:15.182root 11241100x80000000000000001742315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed36352aab040f92022-02-14 08:44:15.183root 11241100x80000000000000001742316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750f5c53d643273f2022-02-14 08:44:15.183root 11241100x80000000000000001742317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcd5f3d4dc7d5872022-02-14 08:44:15.183root 11241100x80000000000000001742318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f70d35f9cb93c0c2022-02-14 08:44:15.183root 11241100x80000000000000001742319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0efa4a651edafb2022-02-14 08:44:15.183root 11241100x80000000000000001742320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d573a543d485de912022-02-14 08:44:15.183root 11241100x80000000000000001742321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368b7d598ffc8bb22022-02-14 08:44:15.183root 11241100x80000000000000001742322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891b96f5331ef24e2022-02-14 08:44:15.183root 11241100x80000000000000001742323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75d25c3aa68ce402022-02-14 08:44:15.183root 11241100x80000000000000001742324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6508e19602c9252022-02-14 08:44:15.183root 11241100x80000000000000001742325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cf2ef5571d0a252022-02-14 08:44:15.183root 11241100x80000000000000001742326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc37b991bd8d120e2022-02-14 08:44:15.183root 11241100x80000000000000001742327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd02bd78d788a8e12022-02-14 08:44:15.184root 11241100x80000000000000001742328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f03ff17741270ce2022-02-14 08:44:15.184root 11241100x80000000000000001742329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac258ac12f43743f2022-02-14 08:44:15.184root 11241100x80000000000000001742330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679b399e2c41b8cd2022-02-14 08:44:15.184root 11241100x80000000000000001742331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f12365de40415552022-02-14 08:44:15.184root 11241100x80000000000000001742332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e82c380469d9b342022-02-14 08:44:15.184root 11241100x80000000000000001742333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cced3c3355dbc4ea2022-02-14 08:44:15.184root 11241100x80000000000000001742334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b967e6abc0a4eb2022-02-14 08:44:15.184root 11241100x80000000000000001742335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e349f643a9def62022-02-14 08:44:15.184root 11241100x80000000000000001742336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74024cd36aa7889f2022-02-14 08:44:15.184root 11241100x80000000000000001742337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1e74dca3e0681a2022-02-14 08:44:15.184root 11241100x80000000000000001742338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a27a9c28f0e47a2022-02-14 08:44:15.680root 11241100x80000000000000001742339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d19e70818d14c9d2022-02-14 08:44:15.680root 11241100x80000000000000001742340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57c26ba06766c972022-02-14 08:44:15.680root 11241100x80000000000000001742341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00355ce64da09e52022-02-14 08:44:15.680root 11241100x80000000000000001742342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632799b67b55efad2022-02-14 08:44:15.680root 11241100x80000000000000001742343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cd9e6d76d77e5e2022-02-14 08:44:15.681root 11241100x80000000000000001742344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54b9d044cfca4e52022-02-14 08:44:15.681root 11241100x80000000000000001742345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44981cd2164a4dfd2022-02-14 08:44:15.681root 11241100x80000000000000001742346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89e2a320e5f1f6d2022-02-14 08:44:15.681root 11241100x80000000000000001742347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42ce034e4e5ad752022-02-14 08:44:15.681root 11241100x80000000000000001742348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c7a4bac9ff39b42022-02-14 08:44:15.681root 11241100x80000000000000001742349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c872accc364cc22022-02-14 08:44:15.681root 11241100x80000000000000001742350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154b6e281e66bbe22022-02-14 08:44:15.681root 11241100x80000000000000001742351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4796da250ed0e9952022-02-14 08:44:15.681root 11241100x80000000000000001742352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c317a6c63baf479c2022-02-14 08:44:15.681root 11241100x80000000000000001742353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8780d4403555a4392022-02-14 08:44:15.682root 11241100x80000000000000001742354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f836c1f6216be392022-02-14 08:44:15.682root 11241100x80000000000000001742355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffc75b128aa75142022-02-14 08:44:15.682root 11241100x80000000000000001742356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65761f169d2ab7122022-02-14 08:44:15.682root 11241100x80000000000000001742357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd91170b8e9a13482022-02-14 08:44:15.682root 11241100x80000000000000001742358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502999436938fcac2022-02-14 08:44:15.682root 11241100x80000000000000001742359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542698e17b21bb6c2022-02-14 08:44:15.682root 11241100x80000000000000001742360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac54aada28b4dd22022-02-14 08:44:15.682root 11241100x80000000000000001742361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6e985f826077032022-02-14 08:44:15.682root 11241100x80000000000000001742362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2aa80a29ed135462022-02-14 08:44:15.682root 11241100x80000000000000001742363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c563f26333e350e22022-02-14 08:44:15.683root 11241100x80000000000000001742364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b82c17320b48bf2022-02-14 08:44:15.683root 11241100x80000000000000001742365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b84126f032c01d2022-02-14 08:44:15.683root 11241100x80000000000000001742366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febc26ea9005f9a22022-02-14 08:44:15.683root 11241100x80000000000000001742367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152b40c1c8192faf2022-02-14 08:44:15.683root 11241100x80000000000000001742368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee7eb235bbea2102022-02-14 08:44:15.683root 11241100x80000000000000001742369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433879e9f4318e212022-02-14 08:44:15.683root 11241100x80000000000000001742370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9547a5e2bad8522022-02-14 08:44:15.684root 11241100x80000000000000001742371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09091429f3ace49a2022-02-14 08:44:15.684root 11241100x80000000000000001742372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e7971a537076272022-02-14 08:44:15.684root 11241100x80000000000000001742373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decc1769c7b569082022-02-14 08:44:15.684root 11241100x80000000000000001742374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6c77faf53448472022-02-14 08:44:15.684root 11241100x80000000000000001742375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b828ec07df7d8182022-02-14 08:44:15.684root 11241100x80000000000000001742376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db23954a8ca24982022-02-14 08:44:15.685root 11241100x80000000000000001742377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57e1850fbe883ca2022-02-14 08:44:15.685root 11241100x80000000000000001742378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac308e513a1991a2022-02-14 08:44:15.685root 11241100x80000000000000001742379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17a298c83c5af3a2022-02-14 08:44:15.685root 11241100x80000000000000001742380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5adaef87023e7012022-02-14 08:44:15.685root 11241100x80000000000000001742381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f676b200693ce72022-02-14 08:44:15.685root 11241100x80000000000000001742382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3dcab6798b9f452022-02-14 08:44:15.685root 11241100x80000000000000001742383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:15.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2292530b0ee3c5022022-02-14 08:44:15.685root 11241100x80000000000000001742384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd1bb1a1b2cc3c82022-02-14 08:44:16.180root 11241100x80000000000000001742385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb362da72783ac7e2022-02-14 08:44:16.180root 11241100x80000000000000001742386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12725cf08b5418be2022-02-14 08:44:16.181root 11241100x80000000000000001742387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413261ecf0c04edc2022-02-14 08:44:16.181root 11241100x80000000000000001742388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d576a8904102ae732022-02-14 08:44:16.181root 11241100x80000000000000001742389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f200376c814ef5f2022-02-14 08:44:16.181root 11241100x80000000000000001742390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6905367d95fa472a2022-02-14 08:44:16.182root 11241100x80000000000000001742391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dce72d0c41d8a302022-02-14 08:44:16.182root 11241100x80000000000000001742392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0901b61bdacfb8a22022-02-14 08:44:16.182root 11241100x80000000000000001742393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3578115e22d7782022-02-14 08:44:16.182root 11241100x80000000000000001742394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38cb2cbf09f16ed2022-02-14 08:44:16.182root 11241100x80000000000000001742395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360753ccd945618e2022-02-14 08:44:16.182root 11241100x80000000000000001742396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0282026ef6373e312022-02-14 08:44:16.183root 11241100x80000000000000001742397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb5a6ae60628fc62022-02-14 08:44:16.183root 11241100x80000000000000001742398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54327c5ac89b9862022-02-14 08:44:16.183root 11241100x80000000000000001742399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015be13cb2480c0f2022-02-14 08:44:16.183root 11241100x80000000000000001742400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a984182ceba4c1a2022-02-14 08:44:16.183root 11241100x80000000000000001742401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a46a9146121aef2022-02-14 08:44:16.183root 11241100x80000000000000001742402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7329752f14fa3bc52022-02-14 08:44:16.183root 11241100x80000000000000001742403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aacd8aebb71ecf22022-02-14 08:44:16.183root 11241100x80000000000000001742404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb3bcbe27f4f9022022-02-14 08:44:16.183root 11241100x80000000000000001742405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49170cadb8973ef2022-02-14 08:44:16.183root 11241100x80000000000000001742406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e713aa99be3677c2022-02-14 08:44:16.184root 11241100x80000000000000001742407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef241793165f0c32022-02-14 08:44:16.185root 11241100x80000000000000001742408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399e8267ea7044d32022-02-14 08:44:16.185root 11241100x80000000000000001742409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe10293d402ba352022-02-14 08:44:16.185root 11241100x80000000000000001742410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c96f4c5e2c731a42022-02-14 08:44:16.185root 11241100x80000000000000001742411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26155212a40728492022-02-14 08:44:16.185root 11241100x80000000000000001742412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141dd2695b78f63c2022-02-14 08:44:16.186root 11241100x80000000000000001742413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d007c8fac860d12022-02-14 08:44:16.186root 11241100x80000000000000001742414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc9f9bfa2a68ce42022-02-14 08:44:16.186root 11241100x80000000000000001742415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e156faa3763923c72022-02-14 08:44:16.186root 11241100x80000000000000001742416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd060ee0c71b31c2022-02-14 08:44:16.186root 11241100x80000000000000001742417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff02b64ca8696be32022-02-14 08:44:16.187root 11241100x80000000000000001742418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248ad49173bbd2202022-02-14 08:44:16.187root 11241100x80000000000000001742419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322369ee75a17a182022-02-14 08:44:16.187root 11241100x80000000000000001742420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6910e33bc400a3192022-02-14 08:44:16.187root 11241100x80000000000000001742421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa988fc90d9fd2e42022-02-14 08:44:16.187root 11241100x80000000000000001742422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ca731737a880342022-02-14 08:44:16.188root 11241100x80000000000000001742423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9134a655874d26922022-02-14 08:44:16.188root 11241100x80000000000000001742424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f52e460b7ad82c2022-02-14 08:44:16.188root 11241100x80000000000000001742425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadf1b5047a9d3702022-02-14 08:44:16.189root 11241100x80000000000000001742426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7283f7309cd5b94d2022-02-14 08:44:16.189root 11241100x80000000000000001742427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30177dadae2146032022-02-14 08:44:16.680root 11241100x80000000000000001742428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a25db73e429e1fa2022-02-14 08:44:16.680root 11241100x80000000000000001742429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b438c0a46a38e2842022-02-14 08:44:16.680root 11241100x80000000000000001742430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a31b689e3c842f22022-02-14 08:44:16.680root 11241100x80000000000000001742431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e670f28b0aff9852022-02-14 08:44:16.680root 11241100x80000000000000001742432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a53874246337c42022-02-14 08:44:16.681root 11241100x80000000000000001742433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538e4c2c2934f4c22022-02-14 08:44:16.681root 11241100x80000000000000001742434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3fac02489837312022-02-14 08:44:16.681root 11241100x80000000000000001742435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93004a09d3a38b952022-02-14 08:44:16.681root 11241100x80000000000000001742436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0251cacd5c9d7faa2022-02-14 08:44:16.681root 11241100x80000000000000001742437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33166ffad74727a2022-02-14 08:44:16.681root 11241100x80000000000000001742438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbdb9cddee2a05d2022-02-14 08:44:16.681root 11241100x80000000000000001742439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027b675041e67e732022-02-14 08:44:16.681root 11241100x80000000000000001742440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35de1e53238ce7382022-02-14 08:44:16.682root 11241100x80000000000000001742441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae1fc691dd0c72d2022-02-14 08:44:16.682root 11241100x80000000000000001742442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d338e582387cbc2022-02-14 08:44:16.682root 11241100x80000000000000001742443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8a31c9581c23f92022-02-14 08:44:16.682root 11241100x80000000000000001742444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dae09d4253498d92022-02-14 08:44:16.682root 11241100x80000000000000001742445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e0daa729eed0b82022-02-14 08:44:16.682root 11241100x80000000000000001742446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9936114ccbee8b2022-02-14 08:44:16.683root 11241100x80000000000000001742447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766d3cf4691022a52022-02-14 08:44:16.683root 11241100x80000000000000001742448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b6edb8f12fb2fa2022-02-14 08:44:16.683root 11241100x80000000000000001742449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc55721d491d12b2022-02-14 08:44:16.683root 11241100x80000000000000001742450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38ff12b48d2e9642022-02-14 08:44:16.683root 11241100x80000000000000001742451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1e91645d4087492022-02-14 08:44:16.684root 11241100x80000000000000001742452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27a89d0c60818e22022-02-14 08:44:16.684root 11241100x80000000000000001742453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ad7b44cb0bca462022-02-14 08:44:16.684root 11241100x80000000000000001742454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00d562b2411327e2022-02-14 08:44:16.685root 11241100x80000000000000001742455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa424626fd8be4bb2022-02-14 08:44:16.685root 11241100x80000000000000001742456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9f1813cd43afbf2022-02-14 08:44:16.685root 11241100x80000000000000001742457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5fa0f6afe8c96b2022-02-14 08:44:16.685root 11241100x80000000000000001742458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed229722be8dbeec2022-02-14 08:44:16.685root 11241100x80000000000000001742459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247f4196e36f60962022-02-14 08:44:16.685root 11241100x80000000000000001742460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d73256aad1219c22022-02-14 08:44:16.685root 11241100x80000000000000001742461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac6e45a20d817782022-02-14 08:44:16.685root 11241100x80000000000000001742462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66ba409605318872022-02-14 08:44:16.686root 11241100x80000000000000001742463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e92efd5314678ec2022-02-14 08:44:16.686root 11241100x80000000000000001742464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e789c79b60418ea2022-02-14 08:44:16.686root 11241100x80000000000000001742465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfef6e97683a1242022-02-14 08:44:16.686root 11241100x80000000000000001742466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:16.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96c921789f443622022-02-14 08:44:16.686root 11241100x80000000000000001742467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7932e1148cfe671e2022-02-14 08:44:17.181root 11241100x80000000000000001742468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb70fc3389d7e6fa2022-02-14 08:44:17.181root 11241100x80000000000000001742469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c358fd36d01bcb82022-02-14 08:44:17.181root 11241100x80000000000000001742470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f7d05f229e7b612022-02-14 08:44:17.181root 11241100x80000000000000001742471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8627a3fb271b00d72022-02-14 08:44:17.181root 11241100x80000000000000001742472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca826fd8d15cab212022-02-14 08:44:17.181root 11241100x80000000000000001742473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9663cc33c3ab87272022-02-14 08:44:17.181root 11241100x80000000000000001742474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e549c6a0da9f1c2022-02-14 08:44:17.181root 11241100x80000000000000001742475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f949db114f8d36082022-02-14 08:44:17.181root 11241100x80000000000000001742476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc05c4ed7bdf02092022-02-14 08:44:17.182root 11241100x80000000000000001742477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78ce97a2001a4612022-02-14 08:44:17.182root 11241100x80000000000000001742478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eccd909d3a8afa52022-02-14 08:44:17.182root 11241100x80000000000000001742479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56371f0e19a996302022-02-14 08:44:17.182root 11241100x80000000000000001742480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b909a4c4b5497abe2022-02-14 08:44:17.182root 11241100x80000000000000001742481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd000634273fad42022-02-14 08:44:17.182root 11241100x80000000000000001742482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15328a18cf0ab342022-02-14 08:44:17.182root 11241100x80000000000000001742483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03813d9a9aa21e72022-02-14 08:44:17.182root 11241100x80000000000000001742484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f73c5c955ea434d2022-02-14 08:44:17.182root 11241100x80000000000000001742485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe730ba621888bc2022-02-14 08:44:17.182root 11241100x80000000000000001742486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d10b639db60c4bf2022-02-14 08:44:17.183root 11241100x80000000000000001742487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bde3fa455fd5392022-02-14 08:44:17.183root 11241100x80000000000000001742488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b77b49aecc65b062022-02-14 08:44:17.183root 11241100x80000000000000001742489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c433b6fcd4885c352022-02-14 08:44:17.183root 11241100x80000000000000001742490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cdbb0f009ed5692022-02-14 08:44:17.184root 11241100x80000000000000001742491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1d7d4924d56c542022-02-14 08:44:17.184root 11241100x80000000000000001742492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9628719e2a4e792022-02-14 08:44:17.185root 11241100x80000000000000001742493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68b08706a50296d2022-02-14 08:44:17.185root 11241100x80000000000000001742494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9339e1564328202022-02-14 08:44:17.185root 11241100x80000000000000001742495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1260b038b8fbb92022-02-14 08:44:17.185root 11241100x80000000000000001742496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a868402f07ad2d82022-02-14 08:44:17.185root 11241100x80000000000000001742497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6912c31b9ab78ab82022-02-14 08:44:17.185root 11241100x80000000000000001742498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3f97b9306893ee2022-02-14 08:44:17.185root 11241100x80000000000000001742499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82768a14ea8c51882022-02-14 08:44:17.185root 11241100x80000000000000001742500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130d8af86296d7772022-02-14 08:44:17.186root 11241100x80000000000000001742501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c654575c70ef2972022-02-14 08:44:17.186root 11241100x80000000000000001742502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077c562686215a7e2022-02-14 08:44:17.186root 11241100x80000000000000001742503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9339b084f0fa26e02022-02-14 08:44:17.186root 11241100x80000000000000001742504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38c37dbb551f7752022-02-14 08:44:17.186root 11241100x80000000000000001742505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6a2fb3b3c622652022-02-14 08:44:17.186root 11241100x80000000000000001742506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1ba8a75763abb62022-02-14 08:44:17.186root 354300x80000000000000001742507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.212{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51484-false10.0.1.12-8000- 11241100x80000000000000001742508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff6398018a05ec92022-02-14 08:44:17.680root 11241100x80000000000000001742509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389fea514e2276392022-02-14 08:44:17.680root 11241100x80000000000000001742510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ef6bf6dd8d0da92022-02-14 08:44:17.680root 11241100x80000000000000001742511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7945c9d051eddaa02022-02-14 08:44:17.680root 11241100x80000000000000001742512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aae20088766a5e22022-02-14 08:44:17.680root 11241100x80000000000000001742513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fa2c174d6842132022-02-14 08:44:17.680root 11241100x80000000000000001742514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61697b6c7e47cf822022-02-14 08:44:17.681root 11241100x80000000000000001742515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432a8b1fb67fd00d2022-02-14 08:44:17.681root 11241100x80000000000000001742516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8275002564ce2a42022-02-14 08:44:17.681root 11241100x80000000000000001742517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dd5be35221a1442022-02-14 08:44:17.681root 11241100x80000000000000001742518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2b05d35231bc0d2022-02-14 08:44:17.681root 11241100x80000000000000001742519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f077dd4f828ba72022-02-14 08:44:17.681root 11241100x80000000000000001742520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cd04ef1da0149c2022-02-14 08:44:17.681root 11241100x80000000000000001742521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df70b73c25dcf9712022-02-14 08:44:17.681root 11241100x80000000000000001742522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad371198f44359f2022-02-14 08:44:17.681root 11241100x80000000000000001742523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a275a7e82f605a2022-02-14 08:44:17.682root 11241100x80000000000000001742524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e365b91ecf633a2022-02-14 08:44:17.682root 11241100x80000000000000001742525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab93696a7275a732022-02-14 08:44:17.682root 11241100x80000000000000001742526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f275aeb12b41d3e2022-02-14 08:44:17.682root 11241100x80000000000000001742527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883c6c7b86fd0b0c2022-02-14 08:44:17.682root 11241100x80000000000000001742528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254871a5dcf17c6f2022-02-14 08:44:17.683root 11241100x80000000000000001742529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edb27b0e2b1891e2022-02-14 08:44:17.683root 11241100x80000000000000001742530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c02726933083a52022-02-14 08:44:17.683root 11241100x80000000000000001742531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe423d8e7204fb42022-02-14 08:44:17.683root 11241100x80000000000000001742532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e49d3f73827a68f2022-02-14 08:44:17.683root 11241100x80000000000000001742533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2acc9d41d4d76582022-02-14 08:44:17.683root 11241100x80000000000000001742534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa200fc7d77c584b2022-02-14 08:44:17.683root 11241100x80000000000000001742535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7f6ee41b4662172022-02-14 08:44:17.684root 11241100x80000000000000001742536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935613a02d6802da2022-02-14 08:44:17.684root 11241100x80000000000000001742537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7369edb67605752022-02-14 08:44:17.684root 11241100x80000000000000001742538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac158f40f182e9772022-02-14 08:44:17.684root 11241100x80000000000000001742539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba31ddb96cec471e2022-02-14 08:44:17.684root 11241100x80000000000000001742540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdb5e0fe07c9aed2022-02-14 08:44:17.684root 11241100x80000000000000001742541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b531f58333d7372022-02-14 08:44:17.685root 11241100x80000000000000001742542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5fdbd1514cb5992022-02-14 08:44:17.685root 11241100x80000000000000001742543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56903612c64335692022-02-14 08:44:17.685root 11241100x80000000000000001742544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395f3f05a3aac84b2022-02-14 08:44:17.685root 11241100x80000000000000001742545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8424b29f79c36c3e2022-02-14 08:44:17.685root 11241100x80000000000000001742546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fe45c11371320f2022-02-14 08:44:17.685root 11241100x80000000000000001742547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd377bea29579f02022-02-14 08:44:17.685root 11241100x80000000000000001742548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf7f06ab1f42d122022-02-14 08:44:17.685root 11241100x80000000000000001742549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae1bb352e3f8a5d2022-02-14 08:44:17.686root 11241100x80000000000000001742550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4296d5a24f0c3d352022-02-14 08:44:17.686root 11241100x80000000000000001742551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c505ae2751f891c2022-02-14 08:44:17.686root 11241100x80000000000000001742552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdae38abe2d370c2022-02-14 08:44:17.686root 11241100x80000000000000001742553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db895006257934ad2022-02-14 08:44:17.686root 11241100x80000000000000001742554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fefcfe527101532022-02-14 08:44:17.686root 11241100x80000000000000001742555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:17.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc25c5c0401a5b92022-02-14 08:44:17.687root 11241100x80000000000000001742556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2673d20890889d6a2022-02-14 08:44:18.180root 11241100x80000000000000001742557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1288730fb4271d52022-02-14 08:44:18.180root 11241100x80000000000000001742558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a970a8142a5cc72022-02-14 08:44:18.180root 11241100x80000000000000001742559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17982cb1284da8f22022-02-14 08:44:18.180root 11241100x80000000000000001742560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21cacdf93d16e812022-02-14 08:44:18.180root 11241100x80000000000000001742561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad0f2f9bcf1aa7a2022-02-14 08:44:18.181root 11241100x80000000000000001742562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fddd0a622a29ca72022-02-14 08:44:18.181root 11241100x80000000000000001742563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5f7690fec363c92022-02-14 08:44:18.181root 11241100x80000000000000001742564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f9c98783f245c92022-02-14 08:44:18.181root 11241100x80000000000000001742565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5009d0dbe408b3f22022-02-14 08:44:18.181root 11241100x80000000000000001742566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815c9524ff19afae2022-02-14 08:44:18.182root 11241100x80000000000000001742567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca68a37be6d7c522022-02-14 08:44:18.182root 11241100x80000000000000001742568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad3d51b0ca98d812022-02-14 08:44:18.182root 11241100x80000000000000001742569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9e05024a9343d92022-02-14 08:44:18.182root 11241100x80000000000000001742570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90fc25cab17b56c2022-02-14 08:44:18.183root 11241100x80000000000000001742571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477022b914baffc52022-02-14 08:44:18.183root 11241100x80000000000000001742572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62120b725028db3d2022-02-14 08:44:18.183root 11241100x80000000000000001742573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ebf7bed6b94efe2022-02-14 08:44:18.183root 11241100x80000000000000001742574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb9cdc7dae560822022-02-14 08:44:18.183root 11241100x80000000000000001742575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b31dbd329e1f372022-02-14 08:44:18.183root 11241100x80000000000000001742576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a31d42eb42d27ed2022-02-14 08:44:18.184root 11241100x80000000000000001742577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe8ffe7e3b151d22022-02-14 08:44:18.184root 11241100x80000000000000001742578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f351206b74d2041e2022-02-14 08:44:18.184root 11241100x80000000000000001742579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8877bb8c0d666302022-02-14 08:44:18.184root 11241100x80000000000000001742580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bec4514dcb889952022-02-14 08:44:18.184root 11241100x80000000000000001742581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a472256b94b20da2022-02-14 08:44:18.184root 11241100x80000000000000001742582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55e0f565b31b40b2022-02-14 08:44:18.185root 11241100x80000000000000001742583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35d77f61b40e43b2022-02-14 08:44:18.185root 11241100x80000000000000001742584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df9804536ec80972022-02-14 08:44:18.185root 11241100x80000000000000001742585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a14e1951deb42812022-02-14 08:44:18.185root 11241100x80000000000000001742586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36bdb0f134d0c4e2022-02-14 08:44:18.186root 11241100x80000000000000001742587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0cf72dc673cffa2022-02-14 08:44:18.186root 11241100x80000000000000001742588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68180fa32421e17e2022-02-14 08:44:18.186root 11241100x80000000000000001742589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b496a9041919753a2022-02-14 08:44:18.186root 11241100x80000000000000001742590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8bd76c294304a42022-02-14 08:44:18.186root 11241100x80000000000000001742591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9910fb3fda244e2022-02-14 08:44:18.186root 11241100x80000000000000001742592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fcd80d11c7028602022-02-14 08:44:18.186root 11241100x80000000000000001742593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6f09fda76492a72022-02-14 08:44:18.186root 11241100x80000000000000001742594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a34e1f10c811d62022-02-14 08:44:18.186root 11241100x80000000000000001742595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fbaafe31b8dbb22022-02-14 08:44:18.187root 11241100x80000000000000001742596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6bfae1738327562022-02-14 08:44:18.187root 11241100x80000000000000001742597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f6b611a99d01552022-02-14 08:44:18.187root 11241100x80000000000000001742598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6fe5c8ffb50cce2022-02-14 08:44:18.187root 11241100x80000000000000001742599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6754697bfba189062022-02-14 08:44:18.187root 11241100x80000000000000001742600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc57246d93a9292c2022-02-14 08:44:18.187root 11241100x80000000000000001742601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4947771146a0c49b2022-02-14 08:44:18.187root 11241100x80000000000000001742602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbba50f26ef6bfa22022-02-14 08:44:18.187root 11241100x80000000000000001742603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adad2556f5146e852022-02-14 08:44:18.187root 11241100x80000000000000001742604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe7e63159e864db2022-02-14 08:44:18.680root 11241100x80000000000000001742605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d04d38531b356352022-02-14 08:44:18.680root 11241100x80000000000000001742606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029dc5e1cab7c2c72022-02-14 08:44:18.680root 11241100x80000000000000001742607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55290c0e4509e61d2022-02-14 08:44:18.680root 11241100x80000000000000001742608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e58cf4fab731dad2022-02-14 08:44:18.681root 11241100x80000000000000001742609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6534175df997b442022-02-14 08:44:18.681root 11241100x80000000000000001742610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fc59b32eb6e4402022-02-14 08:44:18.681root 11241100x80000000000000001742611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6074273732e33c52022-02-14 08:44:18.681root 11241100x80000000000000001742612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e496e0bf99714a992022-02-14 08:44:18.681root 11241100x80000000000000001742613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2e83e606dbcd582022-02-14 08:44:18.681root 11241100x80000000000000001742614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b38290dd00936f72022-02-14 08:44:18.681root 11241100x80000000000000001742615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff47e5264a8d58d2022-02-14 08:44:18.681root 11241100x80000000000000001742616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b02721d40f805962022-02-14 08:44:18.682root 11241100x80000000000000001742617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e069a6d6d793c7222022-02-14 08:44:18.682root 11241100x80000000000000001742618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a427a12092c7802022-02-14 08:44:18.682root 11241100x80000000000000001742619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32159fd4de2445832022-02-14 08:44:18.682root 11241100x80000000000000001742620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6605ea46ba380752022-02-14 08:44:18.682root 11241100x80000000000000001742621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1986b9f128c89b3b2022-02-14 08:44:18.682root 11241100x80000000000000001742622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e386feb674061b22022-02-14 08:44:18.683root 11241100x80000000000000001742623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9f69d75f925e4a2022-02-14 08:44:18.683root 11241100x80000000000000001742624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c870cf25a9ad7882022-02-14 08:44:18.683root 11241100x80000000000000001742625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48641a9ca7c330942022-02-14 08:44:18.683root 11241100x80000000000000001742626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddf9bb56850cf242022-02-14 08:44:18.683root 11241100x80000000000000001742627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9701fa7a65269e62022-02-14 08:44:18.683root 11241100x80000000000000001742628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d118c225176af82022-02-14 08:44:18.684root 11241100x80000000000000001742629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510acd84ee21d38f2022-02-14 08:44:18.684root 11241100x80000000000000001742630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e85b72a3138696b2022-02-14 08:44:18.684root 11241100x80000000000000001742631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef79e9a67f6c92f52022-02-14 08:44:18.684root 11241100x80000000000000001742632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed36901153bd3f882022-02-14 08:44:18.684root 11241100x80000000000000001742633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af36c8fa6347025d2022-02-14 08:44:18.685root 11241100x80000000000000001742634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8872f30013b9eb102022-02-14 08:44:18.685root 11241100x80000000000000001742635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d2d495a1768baf2022-02-14 08:44:18.685root 11241100x80000000000000001742636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aafd526fa63386f2022-02-14 08:44:18.685root 11241100x80000000000000001742637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c2ce196969d5b92022-02-14 08:44:18.685root 11241100x80000000000000001742638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5886bca0692d386b2022-02-14 08:44:18.685root 11241100x80000000000000001742639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c557916165a780d92022-02-14 08:44:18.685root 11241100x80000000000000001742640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225b5e94b0819c572022-02-14 08:44:18.685root 11241100x80000000000000001742641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbda59a2c54eb1162022-02-14 08:44:18.687root 11241100x80000000000000001742642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f2f90d40334b812022-02-14 08:44:18.687root 11241100x80000000000000001742643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead44ef13da118752022-02-14 08:44:18.687root 11241100x80000000000000001742644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf34f0d63ff7bf62022-02-14 08:44:18.687root 11241100x80000000000000001742645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6657f76d6d2d407d2022-02-14 08:44:18.687root 11241100x80000000000000001742646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74602aba3fadc23f2022-02-14 08:44:18.688root 11241100x80000000000000001742647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5cb35761f3300e2022-02-14 08:44:18.688root 11241100x80000000000000001742648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962e5bae5f5b504b2022-02-14 08:44:18.688root 11241100x80000000000000001742649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2d9a959970e0e72022-02-14 08:44:18.688root 11241100x80000000000000001742650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2969cb8e701f960d2022-02-14 08:44:18.688root 11241100x80000000000000001742651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:18.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40509b58c771d7d72022-02-14 08:44:18.688root 11241100x80000000000000001742652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009c5d826b63265c2022-02-14 08:44:19.180root 11241100x80000000000000001742653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064284a80771ac702022-02-14 08:44:19.181root 11241100x80000000000000001742654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7799879c6a60002a2022-02-14 08:44:19.181root 11241100x80000000000000001742655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c1397b5cb940282022-02-14 08:44:19.181root 11241100x80000000000000001742656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0eaa6cc70b8661a2022-02-14 08:44:19.181root 11241100x80000000000000001742657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e030f72b1624172022-02-14 08:44:19.181root 11241100x80000000000000001742658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68ad129d09225252022-02-14 08:44:19.182root 11241100x80000000000000001742659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3d5129f2a2db692022-02-14 08:44:19.182root 11241100x80000000000000001742660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e18442b34aab122022-02-14 08:44:19.182root 11241100x80000000000000001742661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031eac1b47a422e52022-02-14 08:44:19.182root 11241100x80000000000000001742662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769e35cc0674a3452022-02-14 08:44:19.182root 11241100x80000000000000001742663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806e8a2d235ce9962022-02-14 08:44:19.182root 11241100x80000000000000001742664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22020f530e32a86c2022-02-14 08:44:19.182root 11241100x80000000000000001742665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b25471348aabdf2022-02-14 08:44:19.182root 11241100x80000000000000001742666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8798e181a81e15c42022-02-14 08:44:19.182root 11241100x80000000000000001742667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8485123f28195b72022-02-14 08:44:19.182root 11241100x80000000000000001742668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cbff84febb4f152022-02-14 08:44:19.182root 11241100x80000000000000001742669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a33a2606034a462022-02-14 08:44:19.183root 11241100x80000000000000001742670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c02ceeea26394362022-02-14 08:44:19.183root 11241100x80000000000000001742671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da148982c9d2f6c62022-02-14 08:44:19.183root 11241100x80000000000000001742672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a337f68f6eceeda2022-02-14 08:44:19.183root 11241100x80000000000000001742673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf512c5736eb3562022-02-14 08:44:19.183root 11241100x80000000000000001742674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b20377053631cef2022-02-14 08:44:19.183root 11241100x80000000000000001742675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70337c65542c6b4d2022-02-14 08:44:19.183root 11241100x80000000000000001742676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c168e66f4d4499ba2022-02-14 08:44:19.183root 11241100x80000000000000001742677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0592c9614631482022-02-14 08:44:19.183root 11241100x80000000000000001742678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be49b874d80a8712022-02-14 08:44:19.184root 11241100x80000000000000001742679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a89373ec392c88f2022-02-14 08:44:19.184root 11241100x80000000000000001742680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c50d0ded265fc12022-02-14 08:44:19.185root 11241100x80000000000000001742681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa50d7733a081c502022-02-14 08:44:19.185root 11241100x80000000000000001742682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2076f358639cf1a2022-02-14 08:44:19.185root 11241100x80000000000000001742683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eca0691d647c9622022-02-14 08:44:19.188root 11241100x80000000000000001742684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29648a5e742c2ea2022-02-14 08:44:19.188root 11241100x80000000000000001742685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17515f1cf7b25ad82022-02-14 08:44:19.188root 11241100x80000000000000001742686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5b4c474ac314322022-02-14 08:44:19.189root 11241100x80000000000000001742687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a4523a016ed26a2022-02-14 08:44:19.189root 11241100x80000000000000001742688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f46ee489e8ac2dd2022-02-14 08:44:19.189root 11241100x80000000000000001742689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602c01b1d6ba31ba2022-02-14 08:44:19.189root 11241100x80000000000000001742690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7927a19a02d9b4012022-02-14 08:44:19.189root 11241100x80000000000000001742691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b54e6334a2ed332022-02-14 08:44:19.190root 11241100x80000000000000001742692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75add859703313632022-02-14 08:44:19.190root 11241100x80000000000000001742693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da0c918a005dc912022-02-14 08:44:19.190root 11241100x80000000000000001742694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11aaef68a571abbc2022-02-14 08:44:19.190root 11241100x80000000000000001742695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a0015a1c40a3ed2022-02-14 08:44:19.190root 11241100x80000000000000001742696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09daf05c069e1c02022-02-14 08:44:19.190root 11241100x80000000000000001742697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e481ee089f4712ec2022-02-14 08:44:19.680root 11241100x80000000000000001742698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d929d2bed6df3d2022-02-14 08:44:19.680root 11241100x80000000000000001742699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a928e2419c769432022-02-14 08:44:19.680root 11241100x80000000000000001742700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14edbc0d51ebe5d2022-02-14 08:44:19.680root 11241100x80000000000000001742701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7f964133cde8f22022-02-14 08:44:19.680root 11241100x80000000000000001742702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a97f889742442c2022-02-14 08:44:19.680root 11241100x80000000000000001742703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4424164e2006812022-02-14 08:44:19.680root 11241100x80000000000000001742704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a104a5412074ce302022-02-14 08:44:19.680root 11241100x80000000000000001742705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa39c45ebeda6f822022-02-14 08:44:19.681root 11241100x80000000000000001742706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059623895b99dfbf2022-02-14 08:44:19.681root 11241100x80000000000000001742707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae9b851fe5c28122022-02-14 08:44:19.681root 11241100x80000000000000001742708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2328f43fc5cdb782022-02-14 08:44:19.681root 11241100x80000000000000001742709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74dd2bce8557fd92022-02-14 08:44:19.681root 11241100x80000000000000001742710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9570849216cf646e2022-02-14 08:44:19.681root 11241100x80000000000000001742711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c70a9c42004e4d2022-02-14 08:44:19.681root 11241100x80000000000000001742712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8523e79cc9f91d2022-02-14 08:44:19.682root 11241100x80000000000000001742713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3752888158cb78d72022-02-14 08:44:19.682root 11241100x80000000000000001742714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416c22708221d8cf2022-02-14 08:44:19.682root 11241100x80000000000000001742715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438e16ed7e3168dc2022-02-14 08:44:19.682root 11241100x80000000000000001742716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53924b2ce93ca1572022-02-14 08:44:19.682root 11241100x80000000000000001742717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d40e0480e8ec1a2022-02-14 08:44:19.682root 11241100x80000000000000001742718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5e83429205e6a52022-02-14 08:44:19.682root 11241100x80000000000000001742719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f23f249bda6d3c42022-02-14 08:44:19.682root 11241100x80000000000000001742720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c7f7e5674408d42022-02-14 08:44:19.683root 11241100x80000000000000001742721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb463a30dd59b052022-02-14 08:44:19.683root 11241100x80000000000000001742722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf647b5cbb418442022-02-14 08:44:19.683root 11241100x80000000000000001742723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fbaddf5b7251902022-02-14 08:44:19.683root 11241100x80000000000000001742724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993fdb82c18b6e0f2022-02-14 08:44:19.683root 11241100x80000000000000001742725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaab6da58e2743032022-02-14 08:44:19.683root 11241100x80000000000000001742726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a63d9f65ef2e9952022-02-14 08:44:19.683root 11241100x80000000000000001742727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c79093d98f720f42022-02-14 08:44:19.683root 11241100x80000000000000001742728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e91d6dc138a34c02022-02-14 08:44:19.683root 11241100x80000000000000001742729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d9cf979bbda2512022-02-14 08:44:19.683root 11241100x80000000000000001742730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996321de6d91597e2022-02-14 08:44:19.684root 11241100x80000000000000001742731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee703fcdb067c7fb2022-02-14 08:44:19.684root 11241100x80000000000000001742732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dea98445e15dab2022-02-14 08:44:19.684root 11241100x80000000000000001742733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e29800c8be75e7b2022-02-14 08:44:19.684root 11241100x80000000000000001742734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e53bdd4ea2a4572022-02-14 08:44:19.684root 11241100x80000000000000001742735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d511de310ee0c72022-02-14 08:44:19.684root 11241100x80000000000000001742736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8503cbd31c4290002022-02-14 08:44:19.684root 11241100x80000000000000001742737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad957191323eb9732022-02-14 08:44:19.684root 11241100x80000000000000001742738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5deded284b45152022-02-14 08:44:19.684root 11241100x80000000000000001742739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662f94e0ddf2ffa62022-02-14 08:44:19.684root 11241100x80000000000000001742740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916b12c5d77f3f042022-02-14 08:44:19.685root 11241100x80000000000000001742741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e3bc1f9f016cc82022-02-14 08:44:19.685root 11241100x80000000000000001742742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73a200756179a792022-02-14 08:44:19.685root 11241100x80000000000000001742743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053ce8a7cf5abb0f2022-02-14 08:44:19.685root 11241100x80000000000000001742744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e38b6cb4ff3a9702022-02-14 08:44:19.685root 11241100x80000000000000001742745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8e8440b77d149f2022-02-14 08:44:19.686root 11241100x80000000000000001742746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956ad59c4a38af182022-02-14 08:44:19.686root 11241100x80000000000000001742747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57f660fede78d0d2022-02-14 08:44:19.686root 11241100x80000000000000001742748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c445e5e040066ad2022-02-14 08:44:19.686root 11241100x80000000000000001742749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3e99e1f96b07672022-02-14 08:44:19.686root 11241100x80000000000000001742750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf4e25659caf2f32022-02-14 08:44:19.686root 11241100x80000000000000001742751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07dec49a67ad7ee82022-02-14 08:44:19.686root 11241100x80000000000000001742752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb07744bc4d741c2022-02-14 08:44:19.686root 11241100x80000000000000001742753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df4568b99d41ac32022-02-14 08:44:19.686root 11241100x80000000000000001742754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6893200362472ae2022-02-14 08:44:19.687root 11241100x80000000000000001742755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cd558e9a34494f2022-02-14 08:44:19.687root 11241100x80000000000000001742756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec569b4c8675d202022-02-14 08:44:19.687root 11241100x80000000000000001742757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728f52f2254e78972022-02-14 08:44:19.687root 11241100x80000000000000001742758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e13c3eeb4bae922022-02-14 08:44:19.687root 11241100x80000000000000001742759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f7c0c9b9613c772022-02-14 08:44:19.687root 11241100x80000000000000001742760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd76ed37c9270bb2022-02-14 08:44:19.687root 11241100x80000000000000001742761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba042845fcf2b072022-02-14 08:44:19.687root 11241100x80000000000000001742762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b8893f623513302022-02-14 08:44:19.687root 11241100x80000000000000001742763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e6025f5ff97aa42022-02-14 08:44:19.687root 11241100x80000000000000001742764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d1da57e07d53b12022-02-14 08:44:19.688root 11241100x80000000000000001742765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24aecc4739199b62022-02-14 08:44:19.688root 11241100x80000000000000001742766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f506c8efc7654b8e2022-02-14 08:44:19.688root 11241100x80000000000000001742767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70276b674b1215c72022-02-14 08:44:19.688root 11241100x80000000000000001742768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991fbff9984598b82022-02-14 08:44:19.688root 11241100x80000000000000001742769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce208fb55fa608632022-02-14 08:44:19.689root 11241100x80000000000000001742770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e7705cc0d0a3162022-02-14 08:44:19.689root 11241100x80000000000000001742771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81723964bad163e52022-02-14 08:44:19.689root 11241100x80000000000000001742772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67135420b3c2c182022-02-14 08:44:19.689root 11241100x80000000000000001742773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb361bffaeeb1912022-02-14 08:44:19.689root 11241100x80000000000000001742774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7991444a095c41542022-02-14 08:44:19.689root 11241100x80000000000000001742775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e0602458a32d532022-02-14 08:44:19.690root 11241100x80000000000000001742776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409f8022d4862ac42022-02-14 08:44:19.690root 11241100x80000000000000001742777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d44a7aed8f2d9f2022-02-14 08:44:19.692root 11241100x80000000000000001742778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfc03923ae2e93d2022-02-14 08:44:19.692root 11241100x80000000000000001742779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c628a058c566622022-02-14 08:44:19.692root 11241100x80000000000000001742780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40f1754abdff9ae2022-02-14 08:44:19.692root 11241100x80000000000000001742781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cb80b7d5d2a47f2022-02-14 08:44:19.692root 11241100x80000000000000001742782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2597043f7a67e02022-02-14 08:44:19.692root 11241100x80000000000000001742783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce622cf22d9fd102022-02-14 08:44:19.692root 11241100x80000000000000001742784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:19.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840e64af8f998d432022-02-14 08:44:19.693root 11241100x80000000000000001742785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf2a7872122d6bb2022-02-14 08:44:20.180root 11241100x80000000000000001742786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17980104018ea172022-02-14 08:44:20.180root 11241100x80000000000000001742787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550f5316ef15941f2022-02-14 08:44:20.180root 11241100x80000000000000001742788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45597acbf7298e4f2022-02-14 08:44:20.181root 11241100x80000000000000001742789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c437d90972770a2022-02-14 08:44:20.181root 11241100x80000000000000001742790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39fd0dabd5b730d2022-02-14 08:44:20.181root 11241100x80000000000000001742791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902b8b67a0fb4a422022-02-14 08:44:20.181root 11241100x80000000000000001742792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cd225aa5162dec2022-02-14 08:44:20.181root 11241100x80000000000000001742793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fccfc109c09da7d2022-02-14 08:44:20.181root 11241100x80000000000000001742794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f9da9b9b5b5d192022-02-14 08:44:20.181root 11241100x80000000000000001742795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0729aaf581e05142022-02-14 08:44:20.181root 11241100x80000000000000001742796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a83acc8eb1de642022-02-14 08:44:20.181root 11241100x80000000000000001742797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fdcda039a959582022-02-14 08:44:20.182root 11241100x80000000000000001742798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721d645be25a12e12022-02-14 08:44:20.182root 11241100x80000000000000001742799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d0a743fe226b7b2022-02-14 08:44:20.182root 11241100x80000000000000001742800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0d4e555e1867862022-02-14 08:44:20.182root 11241100x80000000000000001742801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd58ed06a8021cb2022-02-14 08:44:20.182root 11241100x80000000000000001742802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7f5975fae5cdf52022-02-14 08:44:20.182root 11241100x80000000000000001742803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6357d2e31f34cde72022-02-14 08:44:20.182root 11241100x80000000000000001742804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcc81c47092705e2022-02-14 08:44:20.182root 11241100x80000000000000001742805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcf1a6c295e69522022-02-14 08:44:20.182root 11241100x80000000000000001742806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b84ebbcfc5d74f2022-02-14 08:44:20.183root 11241100x80000000000000001742807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc1fa3ff910d9c12022-02-14 08:44:20.183root 11241100x80000000000000001742808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072eeb90dc191b8e2022-02-14 08:44:20.183root 11241100x80000000000000001742809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f74c4ef49ec63b2022-02-14 08:44:20.183root 11241100x80000000000000001742810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c82f073afeb0782022-02-14 08:44:20.183root 11241100x80000000000000001742811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f61527489eb7842022-02-14 08:44:20.183root 11241100x80000000000000001742812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2e302a8015f6582022-02-14 08:44:20.183root 11241100x80000000000000001742813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034fc52b699abdfb2022-02-14 08:44:20.183root 11241100x80000000000000001742814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a5187c469a1fa62022-02-14 08:44:20.183root 11241100x80000000000000001742815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ceb1b9a2ca20afe2022-02-14 08:44:20.183root 11241100x80000000000000001742816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fdd230341591fb2022-02-14 08:44:20.184root 11241100x80000000000000001742817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057dd40a80a2ba542022-02-14 08:44:20.184root 11241100x80000000000000001742818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299f96b486ebbf1a2022-02-14 08:44:20.184root 11241100x80000000000000001742819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f992b384e54cac2022-02-14 08:44:20.184root 11241100x80000000000000001742820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0a14377622eced2022-02-14 08:44:20.184root 11241100x80000000000000001742821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db41789a4e49a2792022-02-14 08:44:20.184root 11241100x80000000000000001742822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9647f95b09ab42722022-02-14 08:44:20.184root 11241100x80000000000000001742823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4824d4ec86b8fa3f2022-02-14 08:44:20.184root 11241100x80000000000000001742824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32940b1f7de1e9da2022-02-14 08:44:20.184root 11241100x80000000000000001742825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2f117f95c0a7a32022-02-14 08:44:20.184root 11241100x80000000000000001742826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be5e49388336c5f2022-02-14 08:44:20.185root 11241100x80000000000000001742827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e45138e88d1d112022-02-14 08:44:20.185root 11241100x80000000000000001742828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbe3d632be0b4152022-02-14 08:44:20.185root 11241100x80000000000000001742829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50af4313e7ab3322022-02-14 08:44:20.185root 11241100x80000000000000001742830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb26915d4c034bf2022-02-14 08:44:20.185root 11241100x80000000000000001742831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f6af01621399e82022-02-14 08:44:20.189root 11241100x80000000000000001742832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e388b09e3a33cad42022-02-14 08:44:20.189root 11241100x80000000000000001742833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a027934f252ac7252022-02-14 08:44:20.189root 11241100x80000000000000001742834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a676af169d050bc2022-02-14 08:44:20.189root 11241100x80000000000000001742835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c23743e6d206c012022-02-14 08:44:20.190root 11241100x80000000000000001742836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b907b4bd1ff24e2022-02-14 08:44:20.190root 11241100x80000000000000001742837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b944fb35019edfd52022-02-14 08:44:20.190root 11241100x80000000000000001742838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11152d1750c4d70b2022-02-14 08:44:20.190root 11241100x80000000000000001742839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9537744ec46d3fa2022-02-14 08:44:20.190root 11241100x80000000000000001742840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d7bd29d96e0feb2022-02-14 08:44:20.191root 11241100x80000000000000001742841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355674d62d15ff612022-02-14 08:44:20.191root 11241100x80000000000000001742842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b7c6bb05b539052022-02-14 08:44:20.191root 11241100x80000000000000001742843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e705c5e7fb0880e62022-02-14 08:44:20.191root 11241100x80000000000000001742844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e9520327ce82612022-02-14 08:44:20.191root 11241100x80000000000000001742845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9037b1dca7e4a1e62022-02-14 08:44:20.191root 11241100x80000000000000001742846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006b72a218f1c6892022-02-14 08:44:20.191root 11241100x80000000000000001742847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ce79321e3b911a2022-02-14 08:44:20.191root 11241100x80000000000000001742848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bea01555f9446fb2022-02-14 08:44:20.191root 11241100x80000000000000001742849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d753dc02ea6fdbc2022-02-14 08:44:20.191root 11241100x80000000000000001742850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4984e3e30e82e6962022-02-14 08:44:20.191root 11241100x80000000000000001742851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f54c88434147982022-02-14 08:44:20.192root 11241100x80000000000000001742852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078491d16f71d0742022-02-14 08:44:20.192root 11241100x80000000000000001742853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3516b0c212704ad22022-02-14 08:44:20.192root 11241100x80000000000000001742854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2470cddf357bd1a92022-02-14 08:44:20.192root 11241100x80000000000000001742855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e20f35f8d9b22252022-02-14 08:44:20.192root 11241100x80000000000000001742856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1731f42bff4029b42022-02-14 08:44:20.192root 11241100x80000000000000001742857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcb7bb47c9d2d432022-02-14 08:44:20.192root 11241100x80000000000000001742858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6961088bbc5a1f2022-02-14 08:44:20.192root 11241100x80000000000000001742859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fa32a8f8b72c292022-02-14 08:44:20.192root 11241100x80000000000000001742860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5219ecd59b5dd3a52022-02-14 08:44:20.192root 11241100x80000000000000001742861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bf0f10366d7ab42022-02-14 08:44:20.192root 11241100x80000000000000001742862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df7d90be522b6d92022-02-14 08:44:20.192root 11241100x80000000000000001742863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618cb15c6c0aa11a2022-02-14 08:44:20.192root 11241100x80000000000000001742864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49df628b052d119d2022-02-14 08:44:20.192root 11241100x80000000000000001742865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d010a33028c4262022-02-14 08:44:20.193root 11241100x80000000000000001742866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efbd24335fda9fe2022-02-14 08:44:20.193root 11241100x80000000000000001742867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa1c856fb706f0e2022-02-14 08:44:20.193root 11241100x80000000000000001742868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70605ac788e7fada2022-02-14 08:44:20.193root 11241100x80000000000000001742869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d3bc2695af00c42022-02-14 08:44:20.193root 11241100x80000000000000001742870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf845ee8b12f9b32022-02-14 08:44:20.193root 11241100x80000000000000001742871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e9e6f96bbd9c012022-02-14 08:44:20.680root 11241100x80000000000000001742872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac6cbbb77e05f192022-02-14 08:44:20.681root 11241100x80000000000000001742873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af43f88ea30213a72022-02-14 08:44:20.681root 11241100x80000000000000001742874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbe5a58917e1aeb2022-02-14 08:44:20.681root 11241100x80000000000000001742875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f24bccc60dddd72022-02-14 08:44:20.681root 11241100x80000000000000001742876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee9cce795a293522022-02-14 08:44:20.681root 11241100x80000000000000001742877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc73632bcbb4b07f2022-02-14 08:44:20.681root 11241100x80000000000000001742878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558e45fb101fd0142022-02-14 08:44:20.681root 11241100x80000000000000001742879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6f6e7ebd435d5a2022-02-14 08:44:20.681root 11241100x80000000000000001742880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494a3f8ef4ae5d422022-02-14 08:44:20.681root 11241100x80000000000000001742881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f0197d53c77f8e2022-02-14 08:44:20.682root 11241100x80000000000000001742882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cd9301292e817d2022-02-14 08:44:20.682root 11241100x80000000000000001742883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c26024507d0f112022-02-14 08:44:20.682root 11241100x80000000000000001742884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b190327669e454c2022-02-14 08:44:20.682root 11241100x80000000000000001742885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604c505e1da0a65b2022-02-14 08:44:20.682root 11241100x80000000000000001742886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f948b138a2b11ece2022-02-14 08:44:20.682root 11241100x80000000000000001742887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2435d1b43a0f89f2022-02-14 08:44:20.682root 11241100x80000000000000001742888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71ad29e747877102022-02-14 08:44:20.682root 11241100x80000000000000001742889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574bdca66fd52d602022-02-14 08:44:20.682root 11241100x80000000000000001742890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d924ec3e5f43672022-02-14 08:44:20.682root 11241100x80000000000000001742891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63476d7284436bad2022-02-14 08:44:20.682root 11241100x80000000000000001742892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407bcc622d2b64672022-02-14 08:44:20.682root 11241100x80000000000000001742893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9980c6ef042d593b2022-02-14 08:44:20.682root 11241100x80000000000000001742894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df2d561c0d099ae2022-02-14 08:44:20.683root 11241100x80000000000000001742895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccee9ebccfc11c8c2022-02-14 08:44:20.683root 11241100x80000000000000001742896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3237b6cac4d7e8d22022-02-14 08:44:20.683root 11241100x80000000000000001742897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76feba5ce4f40fc2022-02-14 08:44:20.683root 11241100x80000000000000001742898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630c4b398d5096382022-02-14 08:44:20.683root 11241100x80000000000000001742899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a231a04742c6992022-02-14 08:44:20.683root 11241100x80000000000000001742900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77a81e0fcb4738f2022-02-14 08:44:20.683root 11241100x80000000000000001742901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cc4aebc2f706fe2022-02-14 08:44:20.683root 11241100x80000000000000001742902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f458b586867aa52022-02-14 08:44:20.683root 11241100x80000000000000001742903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfb955470ba0b522022-02-14 08:44:20.684root 11241100x80000000000000001742904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c846028f9be9dd82022-02-14 08:44:20.684root 11241100x80000000000000001742905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138212c0faea40ad2022-02-14 08:44:20.684root 11241100x80000000000000001742906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ac0c495366c12f2022-02-14 08:44:20.684root 11241100x80000000000000001742907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49309713e41131012022-02-14 08:44:20.684root 11241100x80000000000000001742908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19dc806e1461228a2022-02-14 08:44:20.685root 11241100x80000000000000001742909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4f3c8b714fa4732022-02-14 08:44:20.685root 11241100x80000000000000001742910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c49c7ffb56ba282022-02-14 08:44:20.685root 11241100x80000000000000001742911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef18b41f3c633c32022-02-14 08:44:20.685root 11241100x80000000000000001742912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd34e30f1b3cd27e2022-02-14 08:44:20.685root 11241100x80000000000000001742913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8b219df4b88cfb2022-02-14 08:44:20.686root 11241100x80000000000000001742914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db322ba3a804e0362022-02-14 08:44:20.686root 11241100x80000000000000001742915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2f0923c516724d2022-02-14 08:44:20.686root 11241100x80000000000000001742916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bdefebc4840cd12022-02-14 08:44:20.686root 11241100x80000000000000001742917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf697a26b02bd5ff2022-02-14 08:44:20.686root 11241100x80000000000000001742918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11e90a66d4894af2022-02-14 08:44:20.686root 11241100x80000000000000001742919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354e37472567ece92022-02-14 08:44:20.686root 11241100x80000000000000001742920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fc3432961afa7c2022-02-14 08:44:20.687root 11241100x80000000000000001742921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59028e2df788d3b2022-02-14 08:44:20.687root 11241100x80000000000000001742922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0e647da2a4987d2022-02-14 08:44:20.687root 11241100x80000000000000001742923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db99019135c7ac6b2022-02-14 08:44:20.687root 11241100x80000000000000001742924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513876178e9ac2922022-02-14 08:44:20.687root 11241100x80000000000000001742925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4bbf2c49147a112022-02-14 08:44:20.687root 11241100x80000000000000001742926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb596b6c7a8fb5cc2022-02-14 08:44:20.687root 11241100x80000000000000001742927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c261be9e159fc8762022-02-14 08:44:20.687root 11241100x80000000000000001742928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae5ee32cc8f0b952022-02-14 08:44:20.687root 11241100x80000000000000001742929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67278eb75cdfb8812022-02-14 08:44:20.687root 11241100x80000000000000001742930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55dc090b96bb2722022-02-14 08:44:20.687root 11241100x80000000000000001742931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab7a33f96937d362022-02-14 08:44:20.689root 11241100x80000000000000001742932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9252df2b72afa52022-02-14 08:44:20.689root 11241100x80000000000000001742933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ff0265ddf6c1392022-02-14 08:44:20.689root 11241100x80000000000000001742934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6182821dd1c0ca2022-02-14 08:44:20.689root 11241100x80000000000000001742935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd168a77573afb312022-02-14 08:44:20.690root 11241100x80000000000000001742936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9da10c1e1599b02022-02-14 08:44:20.690root 11241100x80000000000000001742937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb705b19a8b48442022-02-14 08:44:20.691root 11241100x80000000000000001742938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157c93a0cdfb42d32022-02-14 08:44:20.691root 11241100x80000000000000001742939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d724b59d36df4d2022-02-14 08:44:20.691root 11241100x80000000000000001742940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6921f876d6301002022-02-14 08:44:20.691root 11241100x80000000000000001742941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90af56e5a3f1cd7a2022-02-14 08:44:20.691root 11241100x80000000000000001742942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488903713485bcd32022-02-14 08:44:20.698root 11241100x80000000000000001742943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7195bb7ab262302022-02-14 08:44:20.698root 11241100x80000000000000001742944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f39ae60625628b2022-02-14 08:44:20.698root 11241100x80000000000000001742945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e28362f0fba9acc2022-02-14 08:44:20.698root 11241100x80000000000000001742946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d1803d698807d22022-02-14 08:44:20.698root 11241100x80000000000000001742947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d3578e3cdc960e2022-02-14 08:44:20.698root 11241100x80000000000000001742948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30552e67d2bb8c762022-02-14 08:44:20.698root 11241100x80000000000000001742949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b55eec86f1df982022-02-14 08:44:20.698root 11241100x80000000000000001742950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9818fd1dc5c1dc22022-02-14 08:44:20.699root 11241100x80000000000000001742951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6602da5c85e1f32022-02-14 08:44:20.699root 11241100x80000000000000001742952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128fb381ad6e967d2022-02-14 08:44:20.699root 11241100x80000000000000001742953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf4ddd132a795442022-02-14 08:44:20.699root 11241100x80000000000000001742954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319236f516d10cb22022-02-14 08:44:20.699root 11241100x80000000000000001742955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6afbe6357f8f7b42022-02-14 08:44:20.699root 11241100x80000000000000001742956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee9053e87d4dccc2022-02-14 08:44:20.699root 11241100x80000000000000001742957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c536db2a49b0c7f2022-02-14 08:44:20.699root 11241100x80000000000000001742958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cd7e5f83073d572022-02-14 08:44:20.700root 11241100x80000000000000001742959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d6e07ff76770892022-02-14 08:44:20.700root 11241100x80000000000000001742960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ea2f312e1664462022-02-14 08:44:20.700root 11241100x80000000000000001742961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d1adc96ada61902022-02-14 08:44:20.700root 11241100x80000000000000001742962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba80955fe6fb6a642022-02-14 08:44:20.700root 11241100x80000000000000001742963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68647c02b7976f432022-02-14 08:44:20.702root 11241100x80000000000000001742964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668fc74fda98cbd92022-02-14 08:44:20.702root 11241100x80000000000000001742965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0214a1c514cee08b2022-02-14 08:44:20.702root 11241100x80000000000000001742966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d34a17acfcbdd22022-02-14 08:44:20.703root 11241100x80000000000000001742967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6599783e46c3a1ac2022-02-14 08:44:20.703root 11241100x80000000000000001742968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7287bd1baa2f89d72022-02-14 08:44:20.704root 11241100x80000000000000001742969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58833f2c3bdc02532022-02-14 08:44:20.704root 11241100x80000000000000001742970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551626a8edbdc9d52022-02-14 08:44:20.704root 11241100x80000000000000001742971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e9861d5e84c8012022-02-14 08:44:20.704root 11241100x80000000000000001742972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f933810fbd2f232022-02-14 08:44:20.706root 11241100x80000000000000001742973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c40c7e08bb03332022-02-14 08:44:20.706root 11241100x80000000000000001742974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765152643bcaebe52022-02-14 08:44:20.706root 11241100x80000000000000001742975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b0f46d66e7da3b2022-02-14 08:44:20.706root 11241100x80000000000000001742976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd8512b0b61dd532022-02-14 08:44:20.706root 11241100x80000000000000001742977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37286a2e08793d5b2022-02-14 08:44:20.706root 11241100x80000000000000001742978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.707{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4651ca1f9d67f2732022-02-14 08:44:20.707root 11241100x80000000000000001742979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e175664c5d30adb32022-02-14 08:44:20.708root 11241100x80000000000000001742980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ebf041ae6a39742022-02-14 08:44:20.709root 11241100x80000000000000001742981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79be302479ab6fd02022-02-14 08:44:20.709root 11241100x80000000000000001742982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:20.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fdf440181a01e42022-02-14 08:44:20.709root 11241100x80000000000000001742983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec836cc2515c70582022-02-14 08:44:21.180root 11241100x80000000000000001742984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3d09bbcb6f08a52022-02-14 08:44:21.181root 11241100x80000000000000001742985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3c7faf8d9a73052022-02-14 08:44:21.181root 11241100x80000000000000001742986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f4733adf30dc652022-02-14 08:44:21.181root 11241100x80000000000000001742987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf73014f3c748662022-02-14 08:44:21.181root 11241100x80000000000000001742988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c01340321a82822022-02-14 08:44:21.182root 11241100x80000000000000001742989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b5feb37fa53a0f2022-02-14 08:44:21.182root 11241100x80000000000000001742990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ababb38b0cc0a24b2022-02-14 08:44:21.182root 11241100x80000000000000001742991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd8a6174c8e5e122022-02-14 08:44:21.182root 11241100x80000000000000001742992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff97482bc92c27b2022-02-14 08:44:21.182root 11241100x80000000000000001742993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d20e776b99ecea22022-02-14 08:44:21.182root 11241100x80000000000000001742994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454010466cd1e12b2022-02-14 08:44:21.182root 11241100x80000000000000001742995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c46b664a6c5a5d82022-02-14 08:44:21.182root 11241100x80000000000000001742996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30d1b8c8a1c5bdd2022-02-14 08:44:21.182root 11241100x80000000000000001742997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e3bde7224d37f02022-02-14 08:44:21.182root 11241100x80000000000000001742998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c330f2e56a58de52022-02-14 08:44:21.182root 11241100x80000000000000001742999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9d7f80c1f5f0082022-02-14 08:44:21.182root 11241100x80000000000000001743000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bc3867ae02d88a2022-02-14 08:44:21.182root 11241100x80000000000000001743001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1330914dc00ac1462022-02-14 08:44:21.182root 11241100x80000000000000001743002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cb75d89ce8ea1b2022-02-14 08:44:21.183root 11241100x80000000000000001743003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d083751fa7c9a92022-02-14 08:44:21.183root 11241100x80000000000000001743004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4784982fb6d4e82022-02-14 08:44:21.183root 11241100x80000000000000001743005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b33dcf2a775c8f2022-02-14 08:44:21.183root 11241100x80000000000000001743006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e47e5a864f72862022-02-14 08:44:21.183root 11241100x80000000000000001743007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea45726cbecf4f012022-02-14 08:44:21.183root 11241100x80000000000000001743008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa201cc4741de6a2022-02-14 08:44:21.183root 11241100x80000000000000001743009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a597049b9da97ff52022-02-14 08:44:21.183root 11241100x80000000000000001743010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ab3fba51e6b51f2022-02-14 08:44:21.183root 11241100x80000000000000001743011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca20ddfc135c9262022-02-14 08:44:21.183root 11241100x80000000000000001743012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ceff5f7cdf617762022-02-14 08:44:21.183root 11241100x80000000000000001743013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab28b90ad7ed9822022-02-14 08:44:21.183root 11241100x80000000000000001743014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2a154d665890502022-02-14 08:44:21.183root 11241100x80000000000000001743015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4647f6eaaf93690d2022-02-14 08:44:21.183root 11241100x80000000000000001743016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2f584adbfca5c32022-02-14 08:44:21.184root 11241100x80000000000000001743017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1d391723bf323d2022-02-14 08:44:21.184root 11241100x80000000000000001743018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091a63ef1cf54aa82022-02-14 08:44:21.184root 11241100x80000000000000001743019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efff4cff7feac4e22022-02-14 08:44:21.184root 11241100x80000000000000001743020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b363848d8891ffb12022-02-14 08:44:21.184root 11241100x80000000000000001743021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7f837190f49cba2022-02-14 08:44:21.184root 11241100x80000000000000001743022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b538c1f5b3de8bb62022-02-14 08:44:21.184root 11241100x80000000000000001743023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b50d5da68c2d282022-02-14 08:44:21.186root 11241100x80000000000000001743024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045c5c8163c6b66d2022-02-14 08:44:21.186root 11241100x80000000000000001743025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c5746c620beb412022-02-14 08:44:21.186root 11241100x80000000000000001743026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab8e383ed70ea4e2022-02-14 08:44:21.186root 11241100x80000000000000001743027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5af200eb6d52902022-02-14 08:44:21.186root 11241100x80000000000000001743028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68535f19bb05a1002022-02-14 08:44:21.680root 11241100x80000000000000001743029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8207e986d7647e2022-02-14 08:44:21.680root 11241100x80000000000000001743030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e343b4972380c5de2022-02-14 08:44:21.681root 11241100x80000000000000001743031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4125c847c1d59f2022-02-14 08:44:21.681root 11241100x80000000000000001743032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4645651cb955e942022-02-14 08:44:21.681root 11241100x80000000000000001743033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95d8c0a7024e3cb2022-02-14 08:44:21.681root 11241100x80000000000000001743034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883c678146280ddd2022-02-14 08:44:21.681root 11241100x80000000000000001743035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f679dc809f813d02022-02-14 08:44:21.681root 11241100x80000000000000001743036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74197b9ae1315a632022-02-14 08:44:21.682root 11241100x80000000000000001743037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617bec48a06ae2fd2022-02-14 08:44:21.685root 11241100x80000000000000001743038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6554e2a92f418b1f2022-02-14 08:44:21.685root 11241100x80000000000000001743039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e754962b93f8a5b82022-02-14 08:44:21.685root 11241100x80000000000000001743040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cabc743e5c5bd22022-02-14 08:44:21.685root 11241100x80000000000000001743041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77df39cdb0f88ccb2022-02-14 08:44:21.685root 11241100x80000000000000001743042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9432e8c4296c7762022-02-14 08:44:21.685root 11241100x80000000000000001743043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e52852188dcb9c2022-02-14 08:44:21.685root 11241100x80000000000000001743044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6250f83e519cab82022-02-14 08:44:21.686root 11241100x80000000000000001743045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a8a415a00415092022-02-14 08:44:21.686root 11241100x80000000000000001743046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d75038a153921502022-02-14 08:44:21.686root 11241100x80000000000000001743047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05eb2900e51a82932022-02-14 08:44:21.686root 11241100x80000000000000001743048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8542d74a313e11592022-02-14 08:44:21.686root 11241100x80000000000000001743049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6bf148a71afd292022-02-14 08:44:21.686root 11241100x80000000000000001743050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9444f3a329ce86e02022-02-14 08:44:21.686root 11241100x80000000000000001743051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7084bdf7200bb8d2022-02-14 08:44:21.686root 11241100x80000000000000001743052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd62a2466db7ab772022-02-14 08:44:21.686root 11241100x80000000000000001743053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1274c24ce4949bc22022-02-14 08:44:21.686root 11241100x80000000000000001743054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41d948bfca30c5c2022-02-14 08:44:21.686root 11241100x80000000000000001743055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b4e6e72af77b922022-02-14 08:44:21.687root 11241100x80000000000000001743056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b441958f05f6880e2022-02-14 08:44:21.687root 11241100x80000000000000001743057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e74f96760589d82022-02-14 08:44:21.687root 11241100x80000000000000001743058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364d0ab043bba9572022-02-14 08:44:21.687root 11241100x80000000000000001743059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14fba922377e4fd2022-02-14 08:44:21.687root 11241100x80000000000000001743060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba863acabff86422022-02-14 08:44:21.687root 11241100x80000000000000001743061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbf50380dfb09be2022-02-14 08:44:21.687root 11241100x80000000000000001743062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c856d158da9ca62022-02-14 08:44:21.687root 11241100x80000000000000001743063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e07babdf56c48f12022-02-14 08:44:21.687root 11241100x80000000000000001743064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b611b2e290c5c0c2022-02-14 08:44:21.687root 11241100x80000000000000001743065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3643ad1996af142022-02-14 08:44:21.687root 11241100x80000000000000001743066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60bc5ed66e6d38e2022-02-14 08:44:21.688root 11241100x80000000000000001743067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15133278809bc052022-02-14 08:44:21.688root 11241100x80000000000000001743068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5906bac8af03292022-02-14 08:44:21.688root 11241100x80000000000000001743069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a37ed3a28056b52022-02-14 08:44:21.688root 11241100x80000000000000001743070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3de3f55d1d9aaa92022-02-14 08:44:21.688root 11241100x80000000000000001743071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec1a3e4c47b58d92022-02-14 08:44:21.688root 11241100x80000000000000001743072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a26534eb171ef82022-02-14 08:44:21.688root 11241100x80000000000000001743073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee9ff0084d3835b2022-02-14 08:44:21.691root 11241100x80000000000000001743074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db7b7993dd1728d2022-02-14 08:44:21.691root 11241100x80000000000000001743075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de430fabfcf4d9a2022-02-14 08:44:21.691root 11241100x80000000000000001743076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d699c6e77c115642022-02-14 08:44:21.691root 11241100x80000000000000001743077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:21.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c215fc0eff4717d2022-02-14 08:44:21.691root 11241100x80000000000000001743078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162ef247c0b18d372022-02-14 08:44:22.180root 11241100x80000000000000001743079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d101b6044ff790772022-02-14 08:44:22.180root 11241100x80000000000000001743080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b9d7932b8296842022-02-14 08:44:22.180root 11241100x80000000000000001743081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd885545bcfc8fb2022-02-14 08:44:22.180root 11241100x80000000000000001743082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7233276ecacaa0e22022-02-14 08:44:22.181root 11241100x80000000000000001743083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfbea66dded6ade2022-02-14 08:44:22.181root 11241100x80000000000000001743084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0177fc5ef30991d2022-02-14 08:44:22.181root 11241100x80000000000000001743085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d386dd7f7a535a472022-02-14 08:44:22.182root 11241100x80000000000000001743086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afceb9aa5d5367482022-02-14 08:44:22.182root 11241100x80000000000000001743087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb3f9adbd8035fb2022-02-14 08:44:22.182root 11241100x80000000000000001743088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a896a45ea399d22022-02-14 08:44:22.182root 11241100x80000000000000001743089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f328a8bde65c33992022-02-14 08:44:22.182root 11241100x80000000000000001743090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e921f7634f38f72022-02-14 08:44:22.182root 11241100x80000000000000001743091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed99f9408e4d69832022-02-14 08:44:22.182root 11241100x80000000000000001743092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc89c81a6b9ce3dc2022-02-14 08:44:22.182root 11241100x80000000000000001743093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8f3f8da92033422022-02-14 08:44:22.182root 11241100x80000000000000001743094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec08b1a1758eca882022-02-14 08:44:22.182root 11241100x80000000000000001743095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5bfac6a72402a02022-02-14 08:44:22.183root 11241100x80000000000000001743096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaed5e5d36e124f2022-02-14 08:44:22.183root 11241100x80000000000000001743097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa632183fb03f592022-02-14 08:44:22.183root 11241100x80000000000000001743098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bbd2ebbbd4d0842022-02-14 08:44:22.183root 11241100x80000000000000001743099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4037b0d8194676bd2022-02-14 08:44:22.183root 11241100x80000000000000001743100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16ae3ae7026f92f2022-02-14 08:44:22.183root 11241100x80000000000000001743101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4dd993f97a0bbb2022-02-14 08:44:22.183root 11241100x80000000000000001743102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe5f5e8e8bee58b2022-02-14 08:44:22.183root 11241100x80000000000000001743103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73262a0d91731a22022-02-14 08:44:22.183root 11241100x80000000000000001743104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf681093c2730af72022-02-14 08:44:22.183root 11241100x80000000000000001743105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968ac1a8ac98eaa12022-02-14 08:44:22.183root 11241100x80000000000000001743106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32a8972dd0c943d2022-02-14 08:44:22.183root 11241100x80000000000000001743107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb2431c294c05f02022-02-14 08:44:22.183root 11241100x80000000000000001743108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2d3e312e5c63442022-02-14 08:44:22.183root 11241100x80000000000000001743109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be95261aebb0f53c2022-02-14 08:44:22.183root 11241100x80000000000000001743110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f1858fc421b1302022-02-14 08:44:22.184root 11241100x80000000000000001743111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51cee910d4c31aff2022-02-14 08:44:22.184root 11241100x80000000000000001743112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64dd6666fd4494952022-02-14 08:44:22.184root 11241100x80000000000000001743113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1d03867afe634b2022-02-14 08:44:22.184root 11241100x80000000000000001743114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c016bf4321d880422022-02-14 08:44:22.184root 11241100x80000000000000001743115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40eef11ca9ad08d62022-02-14 08:44:22.184root 11241100x80000000000000001743116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddaf3b14b58c05352022-02-14 08:44:22.184root 11241100x80000000000000001743117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dde721c649688e2022-02-14 08:44:22.184root 11241100x80000000000000001743118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d5d506a09e6ab92022-02-14 08:44:22.184root 11241100x80000000000000001743119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58e45e49be64c062022-02-14 08:44:22.184root 11241100x80000000000000001743120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc3b4e4813241ff2022-02-14 08:44:22.184root 11241100x80000000000000001743121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f946784b18ab4f502022-02-14 08:44:22.185root 11241100x80000000000000001743122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4411c070068c7e132022-02-14 08:44:22.185root 11241100x80000000000000001743123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8c627673c6a45e2022-02-14 08:44:22.185root 11241100x80000000000000001743124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1891ed8038cbe3d12022-02-14 08:44:22.680root 11241100x80000000000000001743125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e83b48c1a53f3982022-02-14 08:44:22.681root 11241100x80000000000000001743126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2245d1ac001284c2022-02-14 08:44:22.681root 11241100x80000000000000001743127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897db8bc327006af2022-02-14 08:44:22.681root 11241100x80000000000000001743128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63baf27ed5eae1532022-02-14 08:44:22.682root 11241100x80000000000000001743129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4f172906ae5c222022-02-14 08:44:22.682root 11241100x80000000000000001743130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f864bb547f61e48c2022-02-14 08:44:22.682root 11241100x80000000000000001743131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2142dec5ce39cb12022-02-14 08:44:22.682root 11241100x80000000000000001743132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9ef15276bf453f2022-02-14 08:44:22.682root 11241100x80000000000000001743133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554a53fb160410312022-02-14 08:44:22.682root 11241100x80000000000000001743134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d8e8d295a2ee202022-02-14 08:44:22.682root 11241100x80000000000000001743135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a218628bc4ce8772022-02-14 08:44:22.683root 11241100x80000000000000001743136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187a002a7ad81b512022-02-14 08:44:22.683root 11241100x80000000000000001743137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13077f3b78153c292022-02-14 08:44:22.683root 11241100x80000000000000001743138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e551a917603e89432022-02-14 08:44:22.683root 11241100x80000000000000001743139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd97346e3f27bd942022-02-14 08:44:22.683root 11241100x80000000000000001743140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91948f8479b38c522022-02-14 08:44:22.683root 11241100x80000000000000001743141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69894c4557abd5cf2022-02-14 08:44:22.684root 11241100x80000000000000001743142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a754931f0b8969942022-02-14 08:44:22.684root 11241100x80000000000000001743143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72b4972b8304eb22022-02-14 08:44:22.684root 11241100x80000000000000001743144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0aaa8089884398e2022-02-14 08:44:22.684root 11241100x80000000000000001743145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb259ee97cdb17862022-02-14 08:44:22.684root 11241100x80000000000000001743146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc15a7f0f7ce89c2022-02-14 08:44:22.684root 11241100x80000000000000001743147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941982a564c85a9d2022-02-14 08:44:22.684root 11241100x80000000000000001743148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c387da6d4e52a62022-02-14 08:44:22.685root 11241100x80000000000000001743149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d86e0b5ef839a962022-02-14 08:44:22.685root 11241100x80000000000000001743150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950819a73475ffbf2022-02-14 08:44:22.685root 11241100x80000000000000001743151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ba295c41df5cd42022-02-14 08:44:22.685root 11241100x80000000000000001743152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f707c95f204bad5d2022-02-14 08:44:22.685root 11241100x80000000000000001743153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379f0a92188c71222022-02-14 08:44:22.685root 11241100x80000000000000001743154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d702b62b8c8109c22022-02-14 08:44:22.685root 11241100x80000000000000001743155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9beb996061800062022-02-14 08:44:22.686root 11241100x80000000000000001743156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9880c5554874732c2022-02-14 08:44:22.686root 11241100x80000000000000001743157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8856b9743d025202022-02-14 08:44:22.686root 11241100x80000000000000001743158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e663f7d498a5d992022-02-14 08:44:22.686root 11241100x80000000000000001743159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd99711f0d29fcd2022-02-14 08:44:22.686root 11241100x80000000000000001743160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf3e0c08b1ca1e12022-02-14 08:44:22.686root 11241100x80000000000000001743161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a4fbe028f0a1c32022-02-14 08:44:22.686root 11241100x80000000000000001743162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f6e6f2458130f42022-02-14 08:44:22.686root 11241100x80000000000000001743163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ca52a7b41dab522022-02-14 08:44:22.686root 11241100x80000000000000001743164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:22.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce12df0c5516653f2022-02-14 08:44:22.687root 11241100x80000000000000001743165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b706d0835a978b52022-02-14 08:44:23.180root 11241100x80000000000000001743166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51167e3e8ea47b12022-02-14 08:44:23.180root 11241100x80000000000000001743167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e16c2e678c80c12022-02-14 08:44:23.180root 11241100x80000000000000001743168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67df8ad0a545c0c12022-02-14 08:44:23.180root 11241100x80000000000000001743169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd2fdc7b6d156502022-02-14 08:44:23.180root 11241100x80000000000000001743170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910183a1130212222022-02-14 08:44:23.180root 11241100x80000000000000001743171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da110d4ba9d41c12022-02-14 08:44:23.181root 11241100x80000000000000001743172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc52ccf82741eebb2022-02-14 08:44:23.181root 11241100x80000000000000001743173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa1344a468d069b2022-02-14 08:44:23.181root 11241100x80000000000000001743174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f34b56e1c62beb2022-02-14 08:44:23.181root 11241100x80000000000000001743175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2819094202d771772022-02-14 08:44:23.181root 11241100x80000000000000001743176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498a6f76197012192022-02-14 08:44:23.181root 11241100x80000000000000001743177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f4c2835cbf18dd2022-02-14 08:44:23.182root 11241100x80000000000000001743178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb71598df8bc0bc2022-02-14 08:44:23.182root 11241100x80000000000000001743179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdac993ce41cc9e72022-02-14 08:44:23.182root 11241100x80000000000000001743180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8335b7ab2f1fc7052022-02-14 08:44:23.182root 11241100x80000000000000001743181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f216a1c47f9dc3712022-02-14 08:44:23.182root 11241100x80000000000000001743182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6522e06ee383ff92022-02-14 08:44:23.182root 11241100x80000000000000001743183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf92724054c27102022-02-14 08:44:23.182root 11241100x80000000000000001743184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cd74452f99b3fa2022-02-14 08:44:23.182root 11241100x80000000000000001743185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b2d756ff5c41472022-02-14 08:44:23.182root 11241100x80000000000000001743186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2567ce533ce38d682022-02-14 08:44:23.182root 11241100x80000000000000001743187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de314d64869229bb2022-02-14 08:44:23.182root 11241100x80000000000000001743188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d207912aa3cdac2e2022-02-14 08:44:23.182root 11241100x80000000000000001743189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efdd4438371418b2022-02-14 08:44:23.182root 11241100x80000000000000001743190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c225456cb176c0e02022-02-14 08:44:23.183root 11241100x80000000000000001743191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e558fcec244fd1532022-02-14 08:44:23.183root 11241100x80000000000000001743192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bc7a799125d9d72022-02-14 08:44:23.183root 11241100x80000000000000001743193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33dc205e74060ee52022-02-14 08:44:23.183root 11241100x80000000000000001743194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f181ce40804cba22022-02-14 08:44:23.183root 11241100x80000000000000001743195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b7e427a334475a2022-02-14 08:44:23.183root 11241100x80000000000000001743196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f7977b514903852022-02-14 08:44:23.183root 11241100x80000000000000001743197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea9534c2357d4682022-02-14 08:44:23.183root 11241100x80000000000000001743198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae4523463c230802022-02-14 08:44:23.183root 11241100x80000000000000001743199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bf415de7014c232022-02-14 08:44:23.183root 11241100x80000000000000001743200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bd12c62d27896c2022-02-14 08:44:23.183root 11241100x80000000000000001743201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a083fa6de5f0db2022-02-14 08:44:23.184root 11241100x80000000000000001743202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66bd26e6ed3b7c02022-02-14 08:44:23.184root 11241100x80000000000000001743203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9644fa9677b598f52022-02-14 08:44:23.184root 11241100x80000000000000001743204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86611aae5ffba0db2022-02-14 08:44:23.184root 11241100x80000000000000001743205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95130d880db42f582022-02-14 08:44:23.184root 11241100x80000000000000001743206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4df904404279ba12022-02-14 08:44:23.184root 11241100x80000000000000001743207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824fe107718d41cc2022-02-14 08:44:23.184root 11241100x80000000000000001743208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931d0d3688c6fb832022-02-14 08:44:23.184root 11241100x80000000000000001743209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a97c09c2f8b76ba2022-02-14 08:44:23.184root 11241100x80000000000000001743210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ed81767ec9154c2022-02-14 08:44:23.184root 11241100x80000000000000001743211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d55567b02c8ca2f2022-02-14 08:44:23.184root 11241100x80000000000000001743212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a2ddcefd21c57b2022-02-14 08:44:23.185root 11241100x80000000000000001743213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee52361756756dbe2022-02-14 08:44:23.185root 11241100x80000000000000001743214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154876cc89e8458b2022-02-14 08:44:23.185root 11241100x80000000000000001743215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120748567debbf462022-02-14 08:44:23.185root 11241100x80000000000000001743216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99f27318c426e6c2022-02-14 08:44:23.185root 11241100x80000000000000001743217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16f99e8f20564d62022-02-14 08:44:23.185root 354300x80000000000000001743218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.195{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51486-false10.0.1.12-8000- 11241100x80000000000000001743219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38acffae09f171c12022-02-14 08:44:23.680root 11241100x80000000000000001743220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e478b1a7aba5152022-02-14 08:44:23.680root 11241100x80000000000000001743221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0fe835a09c362c2022-02-14 08:44:23.681root 11241100x80000000000000001743222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b9a6b99c9021c82022-02-14 08:44:23.681root 11241100x80000000000000001743223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085a45821c3ffec92022-02-14 08:44:23.681root 11241100x80000000000000001743224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0878d4130bf9ef192022-02-14 08:44:23.681root 11241100x80000000000000001743225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609f3999499741f42022-02-14 08:44:23.681root 11241100x80000000000000001743226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef49242738d18932022-02-14 08:44:23.681root 11241100x80000000000000001743227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd230be6647e868f2022-02-14 08:44:23.681root 11241100x80000000000000001743228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802938ce3b2d70722022-02-14 08:44:23.682root 11241100x80000000000000001743229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1121d5d475551fa72022-02-14 08:44:23.682root 11241100x80000000000000001743230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effa114e3091beb02022-02-14 08:44:23.682root 11241100x80000000000000001743231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37bf484a1f46bf22022-02-14 08:44:23.682root 11241100x80000000000000001743232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78f1e0c7299a5be2022-02-14 08:44:23.682root 11241100x80000000000000001743233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08480b96fd233c422022-02-14 08:44:23.682root 11241100x80000000000000001743234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cc8ef3b5bcb8382022-02-14 08:44:23.682root 11241100x80000000000000001743235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578f8e0e933fc4b52022-02-14 08:44:23.682root 11241100x80000000000000001743236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f029f8713a68a7a52022-02-14 08:44:23.682root 11241100x80000000000000001743237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b561875ed61f35b2022-02-14 08:44:23.682root 11241100x80000000000000001743238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab79e0263193f8c2022-02-14 08:44:23.682root 11241100x80000000000000001743239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5caf30c6f8d3ba2022-02-14 08:44:23.682root 11241100x80000000000000001743240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72766ffc93cc79ff2022-02-14 08:44:23.682root 11241100x80000000000000001743241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df3ad7cc8825b3e2022-02-14 08:44:23.683root 11241100x80000000000000001743242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bc895158b964422022-02-14 08:44:23.683root 11241100x80000000000000001743243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631fff98dfd607292022-02-14 08:44:23.683root 11241100x80000000000000001743244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6d56e39960d38a2022-02-14 08:44:23.683root 11241100x80000000000000001743245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5219500074462f32022-02-14 08:44:23.683root 11241100x80000000000000001743246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ce5ee518ae2c852022-02-14 08:44:23.683root 11241100x80000000000000001743247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b073a26accc5003d2022-02-14 08:44:23.683root 11241100x80000000000000001743248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7abdeb12875bab2022-02-14 08:44:23.683root 11241100x80000000000000001743249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed41d9a28fcdded2022-02-14 08:44:23.683root 11241100x80000000000000001743250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0841c589ad638bb92022-02-14 08:44:23.683root 11241100x80000000000000001743251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779fc730a3c82ea12022-02-14 08:44:23.683root 11241100x80000000000000001743252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d051287996e48902022-02-14 08:44:23.683root 11241100x80000000000000001743253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0b79f9401d48c02022-02-14 08:44:23.683root 11241100x80000000000000001743254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0218ff9e18c73462022-02-14 08:44:23.683root 11241100x80000000000000001743255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64534ef8dce9fc8f2022-02-14 08:44:23.683root 11241100x80000000000000001743256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a6c5a0b0bb58a12022-02-14 08:44:23.684root 11241100x80000000000000001743257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830dc1daed2eeed12022-02-14 08:44:23.684root 11241100x80000000000000001743258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce57a0a899118912022-02-14 08:44:23.684root 11241100x80000000000000001743259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b25d91cebf64482022-02-14 08:44:23.684root 11241100x80000000000000001743260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83924306ca476bce2022-02-14 08:44:23.684root 11241100x80000000000000001743261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4a232f5939c6f32022-02-14 08:44:23.685root 11241100x80000000000000001743262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d08e5a484851412022-02-14 08:44:23.685root 11241100x80000000000000001743263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f02de6d0cd8ef532022-02-14 08:44:23.685root 11241100x80000000000000001743264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39478ad84f96d4232022-02-14 08:44:23.685root 11241100x80000000000000001743265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:23.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0d69dd9c89a4312022-02-14 08:44:23.685root 11241100x80000000000000001743266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da070bcc76e41192022-02-14 08:44:24.180root 11241100x80000000000000001743267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ddcf6f5bab39562022-02-14 08:44:24.180root 11241100x80000000000000001743268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad034185a87af742022-02-14 08:44:24.180root 11241100x80000000000000001743269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98107ffcbea551d42022-02-14 08:44:24.180root 11241100x80000000000000001743270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd7c298621efec52022-02-14 08:44:24.180root 11241100x80000000000000001743271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89db41736b77f5ba2022-02-14 08:44:24.180root 11241100x80000000000000001743272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3530f5e56ae725b42022-02-14 08:44:24.180root 11241100x80000000000000001743273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb696dffc7d46f72022-02-14 08:44:24.180root 11241100x80000000000000001743274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937f5ac04b962d9b2022-02-14 08:44:24.180root 11241100x80000000000000001743275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5e0b149b3d8c142022-02-14 08:44:24.181root 11241100x80000000000000001743276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc38b187784bc6712022-02-14 08:44:24.181root 11241100x80000000000000001743277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3f25ab7fe4bd822022-02-14 08:44:24.181root 11241100x80000000000000001743278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f616927a173c932022-02-14 08:44:24.181root 11241100x80000000000000001743279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37f41c163852fd32022-02-14 08:44:24.182root 11241100x80000000000000001743280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc677cc8a3c3c1602022-02-14 08:44:24.182root 11241100x80000000000000001743281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacee75942e2ce772022-02-14 08:44:24.182root 11241100x80000000000000001743282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e276c33800b4326b2022-02-14 08:44:24.182root 11241100x80000000000000001743283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c415cba91039d1ad2022-02-14 08:44:24.183root 11241100x80000000000000001743284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793a667162bb1e9f2022-02-14 08:44:24.183root 11241100x80000000000000001743285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d51d458456b8b662022-02-14 08:44:24.183root 11241100x80000000000000001743286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb497a14e7e6c6162022-02-14 08:44:24.183root 11241100x80000000000000001743287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b9ea878aefac882022-02-14 08:44:24.183root 11241100x80000000000000001743288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c363fb569a0b512022-02-14 08:44:24.183root 11241100x80000000000000001743289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ef6a6d194caea12022-02-14 08:44:24.184root 11241100x80000000000000001743290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46748842e706821f2022-02-14 08:44:24.184root 11241100x80000000000000001743291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa66ba350d538d292022-02-14 08:44:24.184root 11241100x80000000000000001743292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ebeadbedeef38c2022-02-14 08:44:24.184root 11241100x80000000000000001743293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae21b789db6135d2022-02-14 08:44:24.184root 11241100x80000000000000001743294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2653d7684de5ae2022-02-14 08:44:24.184root 11241100x80000000000000001743295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f56ab0b230d62152022-02-14 08:44:24.185root 11241100x80000000000000001743296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563f17d0704009fb2022-02-14 08:44:24.185root 11241100x80000000000000001743297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24d9e3f27617f8d2022-02-14 08:44:24.185root 11241100x80000000000000001743298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4488cb28c50c9792022-02-14 08:44:24.185root 11241100x80000000000000001743299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee6fc3e3de635db2022-02-14 08:44:24.185root 11241100x80000000000000001743300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d64faf84f4924492022-02-14 08:44:24.185root 11241100x80000000000000001743301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbbcd78442faaba2022-02-14 08:44:24.185root 11241100x80000000000000001743302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7d390f439557b42022-02-14 08:44:24.185root 11241100x80000000000000001743303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9a9acf123231cd2022-02-14 08:44:24.186root 11241100x80000000000000001743304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d141a20a127d06cd2022-02-14 08:44:24.186root 11241100x80000000000000001743305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b62556898d45d92022-02-14 08:44:24.186root 11241100x80000000000000001743306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d82d72cd9c37cec2022-02-14 08:44:24.186root 11241100x80000000000000001743307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881ae72cddf90b572022-02-14 08:44:24.186root 11241100x80000000000000001743308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb91c50d7139b982022-02-14 08:44:24.186root 11241100x80000000000000001743309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8623bc901203b52022-02-14 08:44:24.186root 11241100x80000000000000001743310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459975a57f184ddf2022-02-14 08:44:24.186root 11241100x80000000000000001743311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc487b7ccf5d6d972022-02-14 08:44:24.186root 11241100x80000000000000001743312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecd548582299fe72022-02-14 08:44:24.186root 11241100x80000000000000001743313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6969d55398303582022-02-14 08:44:24.186root 11241100x80000000000000001743314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feeb748af09780232022-02-14 08:44:24.187root 11241100x80000000000000001743315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20de720aeccc58e2022-02-14 08:44:24.187root 11241100x80000000000000001743316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55da855d69e7dcbf2022-02-14 08:44:24.187root 11241100x80000000000000001743317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9622377e3f0069d92022-02-14 08:44:24.187root 11241100x80000000000000001743318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf5f894bf39209e2022-02-14 08:44:24.187root 11241100x80000000000000001743319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5542e5b2c245a56d2022-02-14 08:44:24.187root 11241100x80000000000000001743320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7dfa35cab9a5f22022-02-14 08:44:24.187root 11241100x80000000000000001743321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f032fb71df4052582022-02-14 08:44:24.680root 11241100x80000000000000001743322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1f242a109ebfc52022-02-14 08:44:24.681root 11241100x80000000000000001743323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b6d1129274a3cd2022-02-14 08:44:24.681root 11241100x80000000000000001743324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f805989d12576ad2022-02-14 08:44:24.681root 11241100x80000000000000001743325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734f6fee8c1e1ea92022-02-14 08:44:24.681root 11241100x80000000000000001743326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc8f75d30f2f6942022-02-14 08:44:24.681root 11241100x80000000000000001743327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b8a7bfd65b4f732022-02-14 08:44:24.681root 11241100x80000000000000001743328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e508a9aa2d75312022-02-14 08:44:24.681root 11241100x80000000000000001743329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4ed0492bfe09be2022-02-14 08:44:24.681root 11241100x80000000000000001743330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb4d6685414347b2022-02-14 08:44:24.681root 11241100x80000000000000001743331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b1191c031ce0ea2022-02-14 08:44:24.681root 11241100x80000000000000001743332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da4f8e0455f5a322022-02-14 08:44:24.681root 11241100x80000000000000001743333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb7f58c30e44ee72022-02-14 08:44:24.682root 11241100x80000000000000001743334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c290b64f3cab5d42022-02-14 08:44:24.682root 11241100x80000000000000001743335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2899f3d890be71432022-02-14 08:44:24.682root 11241100x80000000000000001743336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d893f6a879f471522022-02-14 08:44:24.682root 11241100x80000000000000001743337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb72a77f5947e9c2022-02-14 08:44:24.682root 11241100x80000000000000001743338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c342ed1922018662022-02-14 08:44:24.682root 11241100x80000000000000001743339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cef37d9ebba22e2022-02-14 08:44:24.682root 11241100x80000000000000001743340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a117c6fefde67e2022-02-14 08:44:24.682root 11241100x80000000000000001743341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafdff0cceeb2e6b2022-02-14 08:44:24.682root 11241100x80000000000000001743342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4e15f7c5e95a842022-02-14 08:44:24.682root 11241100x80000000000000001743343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322147c9070605b82022-02-14 08:44:24.682root 11241100x80000000000000001743344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d3b6e4e5e9ff382022-02-14 08:44:24.682root 11241100x80000000000000001743345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a342bf26a16537c2022-02-14 08:44:24.683root 11241100x80000000000000001743346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef3e0792cec90d52022-02-14 08:44:24.683root 11241100x80000000000000001743347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072412eb5dcdec242022-02-14 08:44:24.683root 11241100x80000000000000001743348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177c0f8ccdd049462022-02-14 08:44:24.683root 11241100x80000000000000001743349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91402113789c53ba2022-02-14 08:44:24.683root 11241100x80000000000000001743350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340fa371ef10d4e42022-02-14 08:44:24.683root 11241100x80000000000000001743351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f05178cde831ce42022-02-14 08:44:24.683root 11241100x80000000000000001743352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6088a09754f027182022-02-14 08:44:24.683root 11241100x80000000000000001743353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e87f9b2bb04c4812022-02-14 08:44:24.685root 11241100x80000000000000001743354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce58016021b75142022-02-14 08:44:24.685root 11241100x80000000000000001743355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0ded3cc2292f982022-02-14 08:44:24.686root 11241100x80000000000000001743356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447db28984ce8f0f2022-02-14 08:44:24.686root 11241100x80000000000000001743357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae1a82e33f0f64a2022-02-14 08:44:24.686root 11241100x80000000000000001743358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3acd7253b46700f2022-02-14 08:44:24.686root 11241100x80000000000000001743359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d963411dc69649f2022-02-14 08:44:24.686root 11241100x80000000000000001743360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cfb3da96a0a4822022-02-14 08:44:24.686root 11241100x80000000000000001743361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38867676ccf9c5b52022-02-14 08:44:24.687root 11241100x80000000000000001743362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78e7ea3874783dd2022-02-14 08:44:24.687root 11241100x80000000000000001743363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bbf1638d96525d2022-02-14 08:44:24.687root 11241100x80000000000000001743364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:24.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a413fe43a92a594d2022-02-14 08:44:24.687root 11241100x80000000000000001743365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec145f296f9230842022-02-14 08:44:25.180root 11241100x80000000000000001743366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2180385a3c83c9c2022-02-14 08:44:25.180root 11241100x80000000000000001743367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa07acd2e0af4252022-02-14 08:44:25.180root 11241100x80000000000000001743368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1730c2f18a88172022-02-14 08:44:25.180root 11241100x80000000000000001743369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3475cbc470fffba2022-02-14 08:44:25.181root 11241100x80000000000000001743370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68692fde1bd0203f2022-02-14 08:44:25.181root 11241100x80000000000000001743371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc17474603c0ceae2022-02-14 08:44:25.181root 11241100x80000000000000001743372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb4a78a8869ea9a2022-02-14 08:44:25.181root 11241100x80000000000000001743373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d793df30344e04e52022-02-14 08:44:25.181root 11241100x80000000000000001743374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1a7df0e95720c82022-02-14 08:44:25.181root 11241100x80000000000000001743375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6296e3fd159c688c2022-02-14 08:44:25.181root 11241100x80000000000000001743376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1865659086af602022-02-14 08:44:25.181root 11241100x80000000000000001743377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42413b7b6160b632022-02-14 08:44:25.181root 11241100x80000000000000001743378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7654caed62a15a2022-02-14 08:44:25.181root 11241100x80000000000000001743379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf9681766903f9e2022-02-14 08:44:25.181root 11241100x80000000000000001743380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ace947dfb2e205d2022-02-14 08:44:25.181root 11241100x80000000000000001743381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b870350058738fd2022-02-14 08:44:25.181root 11241100x80000000000000001743382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01f23159f7b54ed2022-02-14 08:44:25.181root 11241100x80000000000000001743383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84edc06735c2f972022-02-14 08:44:25.182root 11241100x80000000000000001743384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466cd570c90558982022-02-14 08:44:25.182root 11241100x80000000000000001743385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237d946121ebbc192022-02-14 08:44:25.182root 11241100x80000000000000001743386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08231a30701b668d2022-02-14 08:44:25.182root 11241100x80000000000000001743387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313a6488c1d1e06b2022-02-14 08:44:25.182root 11241100x80000000000000001743388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd687d82684b4062022-02-14 08:44:25.182root 11241100x80000000000000001743389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8a82f8948c73c02022-02-14 08:44:25.182root 11241100x80000000000000001743390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80903b873c1fa9832022-02-14 08:44:25.182root 11241100x80000000000000001743391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ff9872db9883a72022-02-14 08:44:25.182root 11241100x80000000000000001743392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c71c149de550c982022-02-14 08:44:25.182root 11241100x80000000000000001743393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842038e7cafbb69d2022-02-14 08:44:25.182root 11241100x80000000000000001743394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e3dc5c12120e932022-02-14 08:44:25.182root 11241100x80000000000000001743395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01af88051be918002022-02-14 08:44:25.182root 11241100x80000000000000001743396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149c60a67feed2fe2022-02-14 08:44:25.182root 11241100x80000000000000001743397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958a10eec67611cf2022-02-14 08:44:25.182root 11241100x80000000000000001743398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a875b4d87d9d632022-02-14 08:44:25.182root 11241100x80000000000000001743399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a47df2b20516dec2022-02-14 08:44:25.183root 11241100x80000000000000001743400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5653eef751a4cb2022-02-14 08:44:25.183root 11241100x80000000000000001743401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef780795f33e24d82022-02-14 08:44:25.183root 11241100x80000000000000001743402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f4959289cc4f742022-02-14 08:44:25.183root 11241100x80000000000000001743403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb678db666f21ba82022-02-14 08:44:25.183root 11241100x80000000000000001743404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80b92fbcb8f5bbf2022-02-14 08:44:25.183root 11241100x80000000000000001743405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8d6fa126f9f3252022-02-14 08:44:25.183root 11241100x80000000000000001743406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04e271338fa9ceb2022-02-14 08:44:25.183root 11241100x80000000000000001743407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896d8ed25e3e99382022-02-14 08:44:25.183root 11241100x80000000000000001743408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1494a277e376ca8b2022-02-14 08:44:25.183root 11241100x80000000000000001743409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d36ac45d15f1342022-02-14 08:44:25.183root 11241100x80000000000000001743410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c0ee9c9f416b5c2022-02-14 08:44:25.183root 11241100x80000000000000001743411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e430106c23c5639a2022-02-14 08:44:25.183root 11241100x80000000000000001743412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d6d513c63f46ac2022-02-14 08:44:25.184root 11241100x80000000000000001743413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74dba1cab5c7d57d2022-02-14 08:44:25.184root 11241100x80000000000000001743414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fdb76d0ae8bb652022-02-14 08:44:25.184root 11241100x80000000000000001743415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ef1908a1ab5f722022-02-14 08:44:25.184root 11241100x80000000000000001743416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dd335e27445e152022-02-14 08:44:25.185root 11241100x80000000000000001743417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7ed0b8b5afff5f2022-02-14 08:44:25.185root 11241100x80000000000000001743418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c359a6be18899fa72022-02-14 08:44:25.185root 11241100x80000000000000001743419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6066186528a2d002022-02-14 08:44:25.185root 11241100x80000000000000001743420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef00753cacb7a0fd2022-02-14 08:44:25.186root 11241100x80000000000000001743421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0051c5ccbd9c902022-02-14 08:44:25.680root 11241100x80000000000000001743422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b28d1e1cc662392022-02-14 08:44:25.680root 11241100x80000000000000001743423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b95a12a18085bd72022-02-14 08:44:25.680root 11241100x80000000000000001743424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1843291c1e65d8de2022-02-14 08:44:25.680root 11241100x80000000000000001743425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b87450fabb788812022-02-14 08:44:25.680root 11241100x80000000000000001743426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c99cb966d24ce1b2022-02-14 08:44:25.680root 11241100x80000000000000001743427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3acee94b9b9d862022-02-14 08:44:25.681root 11241100x80000000000000001743428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4721e5d94e3562a32022-02-14 08:44:25.681root 11241100x80000000000000001743429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27d804959c0432c2022-02-14 08:44:25.681root 11241100x80000000000000001743430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a67755348ced6df2022-02-14 08:44:25.681root 11241100x80000000000000001743431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d7ecc8aea1abe72022-02-14 08:44:25.681root 11241100x80000000000000001743432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a96dd3bf390b552022-02-14 08:44:25.681root 11241100x80000000000000001743433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945a6d23490783092022-02-14 08:44:25.681root 11241100x80000000000000001743434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61453948cf6e05102022-02-14 08:44:25.681root 11241100x80000000000000001743435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8f43473efb19b22022-02-14 08:44:25.681root 11241100x80000000000000001743436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d81ffbd02375d02022-02-14 08:44:25.681root 11241100x80000000000000001743437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff95a2ada5c289792022-02-14 08:44:25.681root 11241100x80000000000000001743438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808a9107bb2999292022-02-14 08:44:25.681root 11241100x80000000000000001743439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed2993c40af181a2022-02-14 08:44:25.681root 11241100x80000000000000001743440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd672458cc326532022-02-14 08:44:25.681root 11241100x80000000000000001743441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49ecc1208d577152022-02-14 08:44:25.681root 11241100x80000000000000001743442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f45d8bb868bf93c2022-02-14 08:44:25.682root 11241100x80000000000000001743443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413747d30ada25ee2022-02-14 08:44:25.682root 11241100x80000000000000001743444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b476cb6a2ab1422022-02-14 08:44:25.682root 11241100x80000000000000001743445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c14d262702397b2022-02-14 08:44:25.682root 11241100x80000000000000001743446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46ac62be212e2b62022-02-14 08:44:25.682root 11241100x80000000000000001743447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72aab745e6887ad32022-02-14 08:44:25.682root 11241100x80000000000000001743448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde232850c7d843b2022-02-14 08:44:25.682root 11241100x80000000000000001743449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9230864397cc377a2022-02-14 08:44:25.682root 11241100x80000000000000001743450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495732d584aa52cf2022-02-14 08:44:25.682root 11241100x80000000000000001743451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b475f10c1723852022-02-14 08:44:25.682root 11241100x80000000000000001743452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46260c8b93acfa692022-02-14 08:44:25.682root 11241100x80000000000000001743453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae036ede56a30ff42022-02-14 08:44:25.682root 11241100x80000000000000001743454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1817bdcd309160ff2022-02-14 08:44:25.682root 11241100x80000000000000001743455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6524daa09caaba312022-02-14 08:44:25.682root 11241100x80000000000000001743456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ab5e4662fe94592022-02-14 08:44:25.682root 11241100x80000000000000001743457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ad2f516f80c78b2022-02-14 08:44:25.683root 11241100x80000000000000001743458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26692df3fd0c00612022-02-14 08:44:25.683root 11241100x80000000000000001743459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da684aefdf06f71d2022-02-14 08:44:25.683root 11241100x80000000000000001743460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a2d57d2c8c76772022-02-14 08:44:25.683root 11241100x80000000000000001743461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c1605dc70c896c2022-02-14 08:44:25.683root 11241100x80000000000000001743462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e709db3bacd97e2022-02-14 08:44:25.683root 11241100x80000000000000001743463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5615f9905f7fbee42022-02-14 08:44:25.683root 11241100x80000000000000001743464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6e0358d23634322022-02-14 08:44:25.683root 11241100x80000000000000001743465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8bed8cd9ec684c2022-02-14 08:44:25.683root 11241100x80000000000000001743466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:25.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b88107180cee1962022-02-14 08:44:25.683root 11241100x80000000000000001743467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f003025360eb1882022-02-14 08:44:26.180root 11241100x80000000000000001743468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c635e30a41d079522022-02-14 08:44:26.180root 11241100x80000000000000001743469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8817bc48deaac3532022-02-14 08:44:26.180root 11241100x80000000000000001743470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4238f3fec4c4662022-02-14 08:44:26.180root 11241100x80000000000000001743471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e27c4d4f63251e2022-02-14 08:44:26.180root 11241100x80000000000000001743472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7069c9d533d0d19a2022-02-14 08:44:26.180root 11241100x80000000000000001743473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91ab390fa3699ac2022-02-14 08:44:26.180root 11241100x80000000000000001743474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a43578f90f1d692022-02-14 08:44:26.181root 11241100x80000000000000001743475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f87fe518df5d492022-02-14 08:44:26.181root 11241100x80000000000000001743476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7b35a3ae8be6db2022-02-14 08:44:26.181root 11241100x80000000000000001743477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b617ed1476e1e1d52022-02-14 08:44:26.181root 11241100x80000000000000001743478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867a00a20a68b1212022-02-14 08:44:26.181root 11241100x80000000000000001743479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40226c5bd0e964f32022-02-14 08:44:26.181root 11241100x80000000000000001743480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e399dc5f956ecf2022-02-14 08:44:26.182root 11241100x80000000000000001743481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6a4bd237cfc54c2022-02-14 08:44:26.182root 11241100x80000000000000001743482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68ccc4ee0371fad2022-02-14 08:44:26.182root 11241100x80000000000000001743483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74296441ef59e67a2022-02-14 08:44:26.182root 11241100x80000000000000001743484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967a8009434ccf612022-02-14 08:44:26.182root 11241100x80000000000000001743485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab2df9d266d9f0e2022-02-14 08:44:26.182root 11241100x80000000000000001743486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc18cb1b13146ab2022-02-14 08:44:26.182root 11241100x80000000000000001743487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d65b370a69475d82022-02-14 08:44:26.182root 11241100x80000000000000001743488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fc91fd2a928eba2022-02-14 08:44:26.182root 11241100x80000000000000001743489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac2cbdb6c03ff562022-02-14 08:44:26.183root 11241100x80000000000000001743490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b10d5ea2c6ad8fd2022-02-14 08:44:26.183root 11241100x80000000000000001743491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab364060cff8daca2022-02-14 08:44:26.183root 11241100x80000000000000001743492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f410e62419a8cc1b2022-02-14 08:44:26.183root 11241100x80000000000000001743493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fa122d0bdbcb812022-02-14 08:44:26.183root 11241100x80000000000000001743494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47e0eb005c77c5c2022-02-14 08:44:26.184root 11241100x80000000000000001743495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd721570b2b03b602022-02-14 08:44:26.184root 11241100x80000000000000001743496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fde40622a823102022-02-14 08:44:26.184root 11241100x80000000000000001743497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3beea50265092772022-02-14 08:44:26.185root 11241100x80000000000000001743498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31c82ea7a687f322022-02-14 08:44:26.185root 11241100x80000000000000001743499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bb8970412b81a62022-02-14 08:44:26.185root 11241100x80000000000000001743500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48759068102312ee2022-02-14 08:44:26.185root 11241100x80000000000000001743501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eecd07eea61ebad2022-02-14 08:44:26.185root 11241100x80000000000000001743502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81763e4dea3398cd2022-02-14 08:44:26.185root 11241100x80000000000000001743503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca77c214ebb6d88f2022-02-14 08:44:26.186root 11241100x80000000000000001743504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd67dbd6d1a015ce2022-02-14 08:44:26.186root 11241100x80000000000000001743505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9071ed661e92af612022-02-14 08:44:26.186root 11241100x80000000000000001743506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fde43ab7dc83e32022-02-14 08:44:26.186root 11241100x80000000000000001743507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7876ea6031f663cc2022-02-14 08:44:26.187root 11241100x80000000000000001743508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacbe28c590b0e262022-02-14 08:44:26.187root 11241100x80000000000000001743509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27a68c977bd52902022-02-14 08:44:26.187root 11241100x80000000000000001743510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da65d77c79fe7ac62022-02-14 08:44:26.187root 11241100x80000000000000001743511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92395320222516542022-02-14 08:44:26.187root 11241100x80000000000000001743512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4564ffd6148b8662022-02-14 08:44:26.187root 11241100x80000000000000001743513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cae75dfca5c32452022-02-14 08:44:26.187root 11241100x80000000000000001743514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9564cc883a3940502022-02-14 08:44:26.187root 11241100x80000000000000001743515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9da1f30a22fd5de2022-02-14 08:44:26.187root 11241100x80000000000000001743516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d13fe618c3c28a32022-02-14 08:44:26.679root 11241100x80000000000000001743517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d450740926f20242022-02-14 08:44:26.680root 11241100x80000000000000001743518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691423727a11c5362022-02-14 08:44:26.680root 11241100x80000000000000001743519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ab25f094aca5122022-02-14 08:44:26.680root 11241100x80000000000000001743520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1999cc25a48f852022-02-14 08:44:26.680root 11241100x80000000000000001743521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b7cbea8dcb9b4f2022-02-14 08:44:26.681root 11241100x80000000000000001743522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8a5ccf31db9f602022-02-14 08:44:26.681root 11241100x80000000000000001743523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cfba3a70bd13ac2022-02-14 08:44:26.681root 11241100x80000000000000001743524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfed78839569c9652022-02-14 08:44:26.681root 11241100x80000000000000001743525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ebcaff532666932022-02-14 08:44:26.681root 11241100x80000000000000001743526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab43ba93a3b4581b2022-02-14 08:44:26.681root 11241100x80000000000000001743527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc335413bdd86e5c2022-02-14 08:44:26.681root 11241100x80000000000000001743528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4324dcfccbb1722022-02-14 08:44:26.681root 11241100x80000000000000001743529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcdc35ac4c79e2a2022-02-14 08:44:26.681root 11241100x80000000000000001743530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfe5504ef9b54732022-02-14 08:44:26.681root 11241100x80000000000000001743531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36c68bab2830db82022-02-14 08:44:26.681root 11241100x80000000000000001743532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1352b87dfd158692022-02-14 08:44:26.681root 11241100x80000000000000001743533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52ed311ca729aa62022-02-14 08:44:26.682root 11241100x80000000000000001743534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436f44032be58b532022-02-14 08:44:26.682root 11241100x80000000000000001743535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203dd3359d0666cc2022-02-14 08:44:26.682root 11241100x80000000000000001743536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50e6e5068c102792022-02-14 08:44:26.682root 11241100x80000000000000001743537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339cbd7d1c82b6b12022-02-14 08:44:26.682root 11241100x80000000000000001743538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a7546afdabcf1a2022-02-14 08:44:26.682root 11241100x80000000000000001743539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f4ed2a717c023e2022-02-14 08:44:26.683root 11241100x80000000000000001743540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325b32209b10a70d2022-02-14 08:44:26.684root 11241100x80000000000000001743541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50888ba1043d39e82022-02-14 08:44:26.684root 11241100x80000000000000001743542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4989f331e6214fc12022-02-14 08:44:26.684root 11241100x80000000000000001743543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8454851ddb29e4892022-02-14 08:44:26.684root 11241100x80000000000000001743544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab627f645842941c2022-02-14 08:44:26.684root 11241100x80000000000000001743545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd272c1d3808ca972022-02-14 08:44:26.685root 11241100x80000000000000001743546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4ce736bead5ede2022-02-14 08:44:26.685root 11241100x80000000000000001743547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845d84a237c04cfc2022-02-14 08:44:26.685root 11241100x80000000000000001743548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f50febef9d10902022-02-14 08:44:26.686root 11241100x80000000000000001743549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b13983acf919802022-02-14 08:44:26.686root 11241100x80000000000000001743550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c15c3f2db6d6c22022-02-14 08:44:26.686root 11241100x80000000000000001743551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a95254c933840d92022-02-14 08:44:26.686root 11241100x80000000000000001743552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3b5f428628721d2022-02-14 08:44:26.687root 11241100x80000000000000001743553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67352b3054e329a12022-02-14 08:44:26.688root 11241100x80000000000000001743554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063aa0e5de3251ce2022-02-14 08:44:26.688root 11241100x80000000000000001743555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25507d59f721437f2022-02-14 08:44:26.688root 11241100x80000000000000001743556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a10d4e2a1d4f132022-02-14 08:44:26.688root 11241100x80000000000000001743557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd91f95a073a55f22022-02-14 08:44:26.688root 11241100x80000000000000001743558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f88e7d57cde75f2022-02-14 08:44:26.688root 11241100x80000000000000001743559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6be8f46a1bec5942022-02-14 08:44:26.689root 11241100x80000000000000001743560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e841e63b0de3382022-02-14 08:44:26.689root 11241100x80000000000000001743561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3905b14632945b52022-02-14 08:44:26.689root 11241100x80000000000000001743562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5950a8a49ed159c82022-02-14 08:44:26.689root 11241100x80000000000000001743563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e585bff3049c8262022-02-14 08:44:26.690root 11241100x80000000000000001743564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522173ba5c7989b42022-02-14 08:44:26.690root 11241100x80000000000000001743565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344aae590fd08cea2022-02-14 08:44:26.690root 11241100x80000000000000001743566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f727c25a08c0847c2022-02-14 08:44:26.690root 11241100x80000000000000001743567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0ed099d738bc042022-02-14 08:44:26.690root 11241100x80000000000000001743568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2082cfe3de3a3a5c2022-02-14 08:44:26.691root 11241100x80000000000000001743569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b598bb7caeaf1a072022-02-14 08:44:26.691root 11241100x80000000000000001743570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd8095473b670582022-02-14 08:44:26.691root 11241100x80000000000000001743571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fa0d2ab5aba2bb2022-02-14 08:44:26.691root 11241100x80000000000000001743572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a39d9205d7cbca2022-02-14 08:44:26.691root 11241100x80000000000000001743573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9234cd453179daa82022-02-14 08:44:26.691root 11241100x80000000000000001743574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c88e9fbccc9ccd2022-02-14 08:44:26.691root 11241100x80000000000000001743575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b60e065376708bd2022-02-14 08:44:26.691root 11241100x80000000000000001743576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254e071099fcc2a62022-02-14 08:44:26.692root 11241100x80000000000000001743577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc67962b46cda3832022-02-14 08:44:26.693root 11241100x80000000000000001743578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb3ab133a2c51ce2022-02-14 08:44:26.693root 11241100x80000000000000001743579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2251360d4d879c2022-02-14 08:44:26.693root 11241100x80000000000000001743580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:26.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b67f090ed1fa2202022-02-14 08:44:26.694root 11241100x80000000000000001743581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d63bd019899ada2022-02-14 08:44:27.180root 11241100x80000000000000001743582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff8881da88023232022-02-14 08:44:27.180root 11241100x80000000000000001743583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0e001e353c8fe02022-02-14 08:44:27.180root 11241100x80000000000000001743584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6984330fbde8202022-02-14 08:44:27.180root 11241100x80000000000000001743585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5fab192c28fd1b2022-02-14 08:44:27.180root 11241100x80000000000000001743586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963b31c414126d452022-02-14 08:44:27.180root 11241100x80000000000000001743587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ca5da691412ca32022-02-14 08:44:27.180root 11241100x80000000000000001743588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715664f1a9c784c12022-02-14 08:44:27.180root 11241100x80000000000000001743589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804453bf750c2f2c2022-02-14 08:44:27.181root 11241100x80000000000000001743590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a860910e7dc96272022-02-14 08:44:27.181root 11241100x80000000000000001743591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0976af7b8e9705b2022-02-14 08:44:27.181root 11241100x80000000000000001743592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d05bb9e5f47f70e2022-02-14 08:44:27.181root 11241100x80000000000000001743593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c2150e1b6538672022-02-14 08:44:27.181root 11241100x80000000000000001743594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b5201df23ed4d62022-02-14 08:44:27.181root 11241100x80000000000000001743595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143bae9747b5917f2022-02-14 08:44:27.182root 11241100x80000000000000001743596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6380fcb284868882022-02-14 08:44:27.182root 11241100x80000000000000001743597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159be7769ecb7dd92022-02-14 08:44:27.182root 11241100x80000000000000001743598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f1983f77f155172022-02-14 08:44:27.182root 11241100x80000000000000001743599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caec8140bc48c9852022-02-14 08:44:27.182root 11241100x80000000000000001743600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e88d611287446122022-02-14 08:44:27.182root 11241100x80000000000000001743601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99ba480774d336c2022-02-14 08:44:27.182root 11241100x80000000000000001743602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e71092db44ab402022-02-14 08:44:27.182root 11241100x80000000000000001743603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2c0983ea4d7f1b2022-02-14 08:44:27.182root 11241100x80000000000000001743604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f437238b752eeb2022-02-14 08:44:27.182root 11241100x80000000000000001743605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e58e0fe26f5a132022-02-14 08:44:27.182root 11241100x80000000000000001743606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6054a31aa5998b292022-02-14 08:44:27.183root 11241100x80000000000000001743607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b07400fc43ba902022-02-14 08:44:27.183root 11241100x80000000000000001743608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90f72cc5e287b6a2022-02-14 08:44:27.183root 11241100x80000000000000001743609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406ba893c7a7699a2022-02-14 08:44:27.183root 11241100x80000000000000001743610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d172dfd464c8e0e2022-02-14 08:44:27.183root 11241100x80000000000000001743611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bdc80b11b9fbb12022-02-14 08:44:27.183root 11241100x80000000000000001743612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a447226f7b4fe7b92022-02-14 08:44:27.183root 11241100x80000000000000001743613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ff78c7168cf2482022-02-14 08:44:27.183root 11241100x80000000000000001743614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79494f64ad4744362022-02-14 08:44:27.183root 11241100x80000000000000001743615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a688e471bbb53992022-02-14 08:44:27.183root 11241100x80000000000000001743616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3587596705765e3f2022-02-14 08:44:27.184root 11241100x80000000000000001743617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeca59f52b4a51372022-02-14 08:44:27.184root 11241100x80000000000000001743618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46ac19d0d19e48b2022-02-14 08:44:27.184root 11241100x80000000000000001743619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca912351cc7adaf2022-02-14 08:44:27.184root 11241100x80000000000000001743620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a522d33d512aa9ec2022-02-14 08:44:27.184root 11241100x80000000000000001743621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd23fb02a580cc52022-02-14 08:44:27.184root 11241100x80000000000000001743622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d7a932b62f8a332022-02-14 08:44:27.184root 11241100x80000000000000001743623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfed7d386baa1ab2022-02-14 08:44:27.184root 11241100x80000000000000001743624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54187e3a4ecaa592022-02-14 08:44:27.184root 11241100x80000000000000001743625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f53d124cdfcb0422022-02-14 08:44:27.184root 11241100x80000000000000001743626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c372f45dd10450012022-02-14 08:44:27.185root 11241100x80000000000000001743627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709acb7477434f3c2022-02-14 08:44:27.185root 11241100x80000000000000001743628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef066d35245b294d2022-02-14 08:44:27.185root 11241100x80000000000000001743629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23875e90174b8a912022-02-14 08:44:27.185root 11241100x80000000000000001743630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6c26bb921e2a222022-02-14 08:44:27.680root 11241100x80000000000000001743631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d11dbc42dec5fcb2022-02-14 08:44:27.680root 11241100x80000000000000001743632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1330826ff666d22022-02-14 08:44:27.681root 11241100x80000000000000001743633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0c82103fc385db2022-02-14 08:44:27.681root 11241100x80000000000000001743634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53034ac6a4245e112022-02-14 08:44:27.681root 11241100x80000000000000001743635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc7a51057063b592022-02-14 08:44:27.681root 11241100x80000000000000001743636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893a02cb4d13f66c2022-02-14 08:44:27.681root 11241100x80000000000000001743637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a92c9f64d55c862022-02-14 08:44:27.681root 11241100x80000000000000001743638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82298c3e94a1124e2022-02-14 08:44:27.681root 11241100x80000000000000001743639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf9b73135d009a22022-02-14 08:44:27.681root 11241100x80000000000000001743640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de48c3e0265d7f532022-02-14 08:44:27.682root 11241100x80000000000000001743641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb9e9f36278d2be2022-02-14 08:44:27.682root 11241100x80000000000000001743642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb2f3e9323e216d2022-02-14 08:44:27.682root 11241100x80000000000000001743643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7995ba914eeecd82022-02-14 08:44:27.682root 11241100x80000000000000001743644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47eb5ff6abe9e32a2022-02-14 08:44:27.682root 11241100x80000000000000001743645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711f5903bd9013f22022-02-14 08:44:27.682root 11241100x80000000000000001743646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b81720cabe179d2022-02-14 08:44:27.682root 11241100x80000000000000001743647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946ad15b23766bbf2022-02-14 08:44:27.682root 11241100x80000000000000001743648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de69c901425734942022-02-14 08:44:27.682root 11241100x80000000000000001743649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8caf3d25f57476e32022-02-14 08:44:27.682root 11241100x80000000000000001743650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef2dbe4941371dc2022-02-14 08:44:27.682root 11241100x80000000000000001743651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193f742f976d3bd22022-02-14 08:44:27.682root 11241100x80000000000000001743652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755fd4ae2c0909192022-02-14 08:44:27.683root 11241100x80000000000000001743653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e98e8a04d25a6882022-02-14 08:44:27.683root 11241100x80000000000000001743654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34897527f98ecb4d2022-02-14 08:44:27.683root 11241100x80000000000000001743655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b877cdc477a27752022-02-14 08:44:27.683root 11241100x80000000000000001743656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7d90f12127e2ee2022-02-14 08:44:27.683root 11241100x80000000000000001743657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d16168ab37ad0a2022-02-14 08:44:27.683root 11241100x80000000000000001743658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c10e6a08af69e0f2022-02-14 08:44:27.683root 11241100x80000000000000001743659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f20cc09cd371fe42022-02-14 08:44:27.683root 11241100x80000000000000001743660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db82e0354d5e8b8d2022-02-14 08:44:27.684root 11241100x80000000000000001743661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0dc60a01a9afeb02022-02-14 08:44:27.684root 11241100x80000000000000001743662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2add3b1a9b1f998c2022-02-14 08:44:27.684root 11241100x80000000000000001743663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8743e2859f00bf3b2022-02-14 08:44:27.684root 11241100x80000000000000001743664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b295168c37c0fa2022-02-14 08:44:27.684root 11241100x80000000000000001743665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8b39b60a3e48e62022-02-14 08:44:27.684root 11241100x80000000000000001743666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a64d2bfcce85a662022-02-14 08:44:27.684root 11241100x80000000000000001743667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6d98a38d6028e52022-02-14 08:44:27.685root 11241100x80000000000000001743668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1f241b9a1934ce2022-02-14 08:44:27.685root 11241100x80000000000000001743669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cbbe9d6bbbc7342022-02-14 08:44:27.685root 11241100x80000000000000001743670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3099aae31116cb042022-02-14 08:44:27.685root 11241100x80000000000000001743671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae1ae138e1d17282022-02-14 08:44:27.685root 11241100x80000000000000001743672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:27.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e46b9ac5b102b5a2022-02-14 08:44:27.685root 11241100x80000000000000001743673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92368ed08905fe532022-02-14 08:44:28.180root 11241100x80000000000000001743674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f072df5c93b5c7d02022-02-14 08:44:28.180root 11241100x80000000000000001743675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c97b5fe733e12a2022-02-14 08:44:28.180root 11241100x80000000000000001743676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28c975fa3c84ef72022-02-14 08:44:28.180root 11241100x80000000000000001743677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c99f3cf8c025d82022-02-14 08:44:28.181root 11241100x80000000000000001743678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456f03f2598b7d022022-02-14 08:44:28.181root 11241100x80000000000000001743679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb4889a8d278f6e2022-02-14 08:44:28.181root 11241100x80000000000000001743680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfeff83a385642412022-02-14 08:44:28.181root 11241100x80000000000000001743681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bce94858a703042022-02-14 08:44:28.181root 11241100x80000000000000001743682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042b6b97d129a7bc2022-02-14 08:44:28.181root 11241100x80000000000000001743683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fc48c5cdffee002022-02-14 08:44:28.182root 11241100x80000000000000001743684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d54a937d294aa1c2022-02-14 08:44:28.182root 11241100x80000000000000001743685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88056435ad9724242022-02-14 08:44:28.182root 11241100x80000000000000001743686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd30cc2c2a04945d2022-02-14 08:44:28.182root 11241100x80000000000000001743687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e388d6b5246ee7412022-02-14 08:44:28.182root 11241100x80000000000000001743688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e985e4edab87f72022-02-14 08:44:28.182root 11241100x80000000000000001743689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe95d1ad911de1c2022-02-14 08:44:28.183root 11241100x80000000000000001743690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6292b6a65ddfef12022-02-14 08:44:28.183root 11241100x80000000000000001743691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cddb929979ef962022-02-14 08:44:28.183root 11241100x80000000000000001743692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8312d3ec77d176d62022-02-14 08:44:28.183root 11241100x80000000000000001743693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031b10f7fc336c172022-02-14 08:44:28.183root 11241100x80000000000000001743694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e1ffb5834295b92022-02-14 08:44:28.183root 11241100x80000000000000001743695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3841a3cb2d81c042022-02-14 08:44:28.184root 11241100x80000000000000001743696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d3b1b932f65c362022-02-14 08:44:28.184root 11241100x80000000000000001743697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c142d371c0d11522022-02-14 08:44:28.184root 11241100x80000000000000001743698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9656dff518846c2022-02-14 08:44:28.184root 11241100x80000000000000001743699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2047b462c1a4ff2a2022-02-14 08:44:28.184root 11241100x80000000000000001743700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360e03be419c4a6e2022-02-14 08:44:28.184root 11241100x80000000000000001743701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ebc53941bc0abd2022-02-14 08:44:28.184root 11241100x80000000000000001743702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd1403ad2ae32132022-02-14 08:44:28.184root 11241100x80000000000000001743703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a195639d3a2ccc112022-02-14 08:44:28.184root 11241100x80000000000000001743704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad8293374102e8c2022-02-14 08:44:28.184root 11241100x80000000000000001743705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13905fb3db281952022-02-14 08:44:28.185root 11241100x80000000000000001743706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488dc6cec93506772022-02-14 08:44:28.185root 11241100x80000000000000001743707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc207328348899232022-02-14 08:44:28.185root 11241100x80000000000000001743708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b033d0050d7359b12022-02-14 08:44:28.185root 11241100x80000000000000001743709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1887ddfa8a8b9ae32022-02-14 08:44:28.185root 11241100x80000000000000001743710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980ea742cf056bd32022-02-14 08:44:28.185root 11241100x80000000000000001743711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a0461ced238db32022-02-14 08:44:28.185root 11241100x80000000000000001743712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc1e026b3f489652022-02-14 08:44:28.185root 11241100x80000000000000001743713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780ec400bad9a42e2022-02-14 08:44:28.185root 11241100x80000000000000001743714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58c9cdec1e68c262022-02-14 08:44:28.185root 11241100x80000000000000001743715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e3612a187052b72022-02-14 08:44:28.186root 11241100x80000000000000001743716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ef20baba87c0e32022-02-14 08:44:28.186root 11241100x80000000000000001743717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed40f4bd34e3fc82022-02-14 08:44:28.186root 11241100x80000000000000001743718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f8c1ea495337802022-02-14 08:44:28.186root 11241100x80000000000000001743719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789cb2eb059e29912022-02-14 08:44:28.186root 11241100x80000000000000001743720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6fd5f0050dc8332022-02-14 08:44:28.186root 11241100x80000000000000001743721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90d4f9dac0cd3192022-02-14 08:44:28.186root 11241100x80000000000000001743722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6a94abf4193e8e2022-02-14 08:44:28.186root 11241100x80000000000000001743723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b4c1431c10ce1c2022-02-14 08:44:28.186root 11241100x80000000000000001743724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60d02ebdda2210d2022-02-14 08:44:28.679root 11241100x80000000000000001743725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165f51652fca58b22022-02-14 08:44:28.680root 11241100x80000000000000001743726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fcd8a49dac37ac2022-02-14 08:44:28.680root 11241100x80000000000000001743727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ba5846d0881b642022-02-14 08:44:28.680root 11241100x80000000000000001743728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696bf40e86df55652022-02-14 08:44:28.680root 11241100x80000000000000001743729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10ddb8daa82174b2022-02-14 08:44:28.680root 11241100x80000000000000001743730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3b7d9f7c500d562022-02-14 08:44:28.681root 11241100x80000000000000001743731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32fed1a773cd3a22022-02-14 08:44:28.681root 11241100x80000000000000001743732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3f601f0f568a642022-02-14 08:44:28.681root 11241100x80000000000000001743733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a61d99d74ae88a62022-02-14 08:44:28.681root 11241100x80000000000000001743734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab42ac2c4d42151c2022-02-14 08:44:28.681root 11241100x80000000000000001743735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8643c12747d0cff2022-02-14 08:44:28.681root 11241100x80000000000000001743736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c77aef1fa4273b2022-02-14 08:44:28.681root 11241100x80000000000000001743737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9c641b4336a37c2022-02-14 08:44:28.681root 11241100x80000000000000001743738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b85480ab001bf92022-02-14 08:44:28.681root 11241100x80000000000000001743739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2199cbeb6042aa2022-02-14 08:44:28.681root 11241100x80000000000000001743740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f07b9aec43b85fc2022-02-14 08:44:28.683root 11241100x80000000000000001743741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4451614c0c42621e2022-02-14 08:44:28.684root 11241100x80000000000000001743742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85887538a3c5e322022-02-14 08:44:28.684root 11241100x80000000000000001743743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5f4ae8482b11912022-02-14 08:44:28.684root 11241100x80000000000000001743744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeda779fb434847a2022-02-14 08:44:28.684root 11241100x80000000000000001743745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15468b12eb5fe412022-02-14 08:44:28.684root 11241100x80000000000000001743746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1b2dde03a19fed2022-02-14 08:44:28.684root 11241100x80000000000000001743747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a197a2191aa11eff2022-02-14 08:44:28.684root 11241100x80000000000000001743748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5500d1de466954822022-02-14 08:44:28.684root 11241100x80000000000000001743749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cac5778469b68db2022-02-14 08:44:28.685root 11241100x80000000000000001743750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37196aabc668ccb2022-02-14 08:44:28.685root 11241100x80000000000000001743751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0e83ca442c01e02022-02-14 08:44:28.685root 11241100x80000000000000001743752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f1e849f20d41652022-02-14 08:44:28.685root 11241100x80000000000000001743753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6518ae104c00a83c2022-02-14 08:44:28.685root 11241100x80000000000000001743754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f1849463e2030f2022-02-14 08:44:28.685root 11241100x80000000000000001743755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a4f2716ae065802022-02-14 08:44:28.685root 11241100x80000000000000001743756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a8cfd38932b32c2022-02-14 08:44:28.686root 11241100x80000000000000001743757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10209de4e4fde502022-02-14 08:44:28.686root 11241100x80000000000000001743758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c43043687b9a0e2022-02-14 08:44:28.686root 11241100x80000000000000001743759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18f1fe1a20293bc2022-02-14 08:44:28.686root 11241100x80000000000000001743760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f829456f34ee752022-02-14 08:44:28.686root 11241100x80000000000000001743761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21835351d9bbbafa2022-02-14 08:44:28.686root 11241100x80000000000000001743762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21c974c0e794bf52022-02-14 08:44:28.686root 11241100x80000000000000001743763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1cfd4b9b984c952022-02-14 08:44:28.686root 11241100x80000000000000001743764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458d5b30d9050df82022-02-14 08:44:28.687root 11241100x80000000000000001743765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4937cc46da50959c2022-02-14 08:44:28.687root 11241100x80000000000000001743766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0739c8b788f83c172022-02-14 08:44:28.687root 11241100x80000000000000001743767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428c35b2d0f56c972022-02-14 08:44:28.687root 11241100x80000000000000001743768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6592db6928a2dc32022-02-14 08:44:28.687root 11241100x80000000000000001743769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f414e03a5f44e5222022-02-14 08:44:28.687root 11241100x80000000000000001743770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c8cd685e4a8a1d2022-02-14 08:44:28.687root 11241100x80000000000000001743771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e88619683447772022-02-14 08:44:28.687root 11241100x80000000000000001743772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5d1c85247ff84b2022-02-14 08:44:28.687root 11241100x80000000000000001743773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1813fede4fb0692022-02-14 08:44:28.687root 11241100x80000000000000001743774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc23f2add4f58242022-02-14 08:44:28.687root 11241100x80000000000000001743775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe3a3fe171548422022-02-14 08:44:28.688root 11241100x80000000000000001743776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6510ee3582b86e1c2022-02-14 08:44:28.688root 11241100x80000000000000001743777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ee416cef105e1f2022-02-14 08:44:28.688root 11241100x80000000000000001743778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:28.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96e1d42accb97e22022-02-14 08:44:28.688root 354300x80000000000000001743779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.008{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51488-false10.0.1.12-8000- 11241100x80000000000000001743780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.009{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc075b7f101ab1872022-02-14 08:44:29.009root 11241100x80000000000000001743781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.009{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f885de25875baff2022-02-14 08:44:29.009root 11241100x80000000000000001743782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.009{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f5a5d745c95af52022-02-14 08:44:29.009root 11241100x80000000000000001743783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.010{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d1ff550fb40e642022-02-14 08:44:29.010root 11241100x80000000000000001743784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.010{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667bb23eb22ebd452022-02-14 08:44:29.010root 11241100x80000000000000001743785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.010{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400766d5edce58ea2022-02-14 08:44:29.010root 11241100x80000000000000001743786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.010{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75aa5bd4bbf5ecc02022-02-14 08:44:29.010root 11241100x80000000000000001743787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.010{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc2b5d1e0b10aff2022-02-14 08:44:29.010root 11241100x80000000000000001743788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.010{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c9ad789851a2ad2022-02-14 08:44:29.010root 11241100x80000000000000001743789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6180a3a698aea15d2022-02-14 08:44:29.011root 11241100x80000000000000001743790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc08787ed1b2d8a82022-02-14 08:44:29.011root 11241100x80000000000000001743791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aad18687dca5c682022-02-14 08:44:29.011root 11241100x80000000000000001743792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e3f0bafa109fc32022-02-14 08:44:29.011root 11241100x80000000000000001743793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93feba0800aa00f22022-02-14 08:44:29.011root 11241100x80000000000000001743794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542893252f19cedc2022-02-14 08:44:29.011root 11241100x80000000000000001743795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.012{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07486a503a87db992022-02-14 08:44:29.012root 11241100x80000000000000001743796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.012{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d10a8c98a5a5b652022-02-14 08:44:29.012root 11241100x80000000000000001743797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.012{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a20872dc4af08172022-02-14 08:44:29.012root 11241100x80000000000000001743798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.012{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed0c5f1b359e2b82022-02-14 08:44:29.012root 11241100x80000000000000001743799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.012{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5803fa8608ce25aa2022-02-14 08:44:29.012root 11241100x80000000000000001743800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.012{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6d04ef62cbc6ed2022-02-14 08:44:29.012root 11241100x80000000000000001743801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.012{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9822333eeb071a02022-02-14 08:44:29.012root 11241100x80000000000000001743802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.013{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d854ac5cd7d8d1522022-02-14 08:44:29.013root 11241100x80000000000000001743803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.013{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77316cf85806f7972022-02-14 08:44:29.013root 11241100x80000000000000001743804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.013{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e47b5b2cf51c522022-02-14 08:44:29.013root 11241100x80000000000000001743805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.014{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adf445b3c68d5d62022-02-14 08:44:29.014root 11241100x80000000000000001743806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.014{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e75971cc446dea02022-02-14 08:44:29.014root 11241100x80000000000000001743807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.015{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bb6c2636f95d8c2022-02-14 08:44:29.015root 11241100x80000000000000001743808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.015{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21679fca0b330f152022-02-14 08:44:29.015root 11241100x80000000000000001743809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.015{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca3cb48d98f30372022-02-14 08:44:29.015root 11241100x80000000000000001743810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.017{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe318c6a985c0a8f2022-02-14 08:44:29.017root 11241100x80000000000000001743811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.017{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f830c7b6933fc02022-02-14 08:44:29.017root 11241100x80000000000000001743812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.017{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8eb2fadfd2451c32022-02-14 08:44:29.017root 11241100x80000000000000001743813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.018{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e346d935706b902022-02-14 08:44:29.018root 11241100x80000000000000001743814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.018{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70dc66224b76f3162022-02-14 08:44:29.018root 11241100x80000000000000001743815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.018{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825ecea4801911552022-02-14 08:44:29.018root 11241100x80000000000000001743816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.018{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3f5fe1207746862022-02-14 08:44:29.018root 11241100x80000000000000001743817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.018{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9223196687d668b82022-02-14 08:44:29.018root 11241100x80000000000000001743818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.018{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1b028b81d47c452022-02-14 08:44:29.018root 11241100x80000000000000001743819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.018{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd98dc05c827a8f42022-02-14 08:44:29.018root 11241100x80000000000000001743820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.018{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68333dbab4c0b452022-02-14 08:44:29.018root 11241100x80000000000000001743821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.018{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55978d2a318166ed2022-02-14 08:44:29.018root 11241100x80000000000000001743822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.019{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe5cfecb42ff5022022-02-14 08:44:29.019root 11241100x80000000000000001743823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.019{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c3628a478c48172022-02-14 08:44:29.019root 11241100x80000000000000001743824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.019{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95b71854ec0ef892022-02-14 08:44:29.019root 11241100x80000000000000001743825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.019{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecd73493788f50b2022-02-14 08:44:29.019root 11241100x80000000000000001743826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.019{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30551cad8becd74a2022-02-14 08:44:29.019root 11241100x80000000000000001743827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.019{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5758c41566e4e0a62022-02-14 08:44:29.019root 11241100x80000000000000001743828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.019{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b5f78879a9d1ca2022-02-14 08:44:29.019root 11241100x80000000000000001743829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.019{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3bfa87e8c719022022-02-14 08:44:29.019root 11241100x80000000000000001743830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.019{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e249faa1bc00fe2022-02-14 08:44:29.019root 11241100x80000000000000001743831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.019{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5ea67640b8396d2022-02-14 08:44:29.019root 11241100x80000000000000001743832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.019{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd8c0f388f17c162022-02-14 08:44:29.019root 11241100x80000000000000001743833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.019{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3853a35d7084a14e2022-02-14 08:44:29.019root 11241100x80000000000000001743834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.019{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89b56f2ae84bf2e2022-02-14 08:44:29.019root 11241100x80000000000000001743835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.020{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb41d170559a3442022-02-14 08:44:29.020root 11241100x80000000000000001743836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.020{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387a6e44f2d361372022-02-14 08:44:29.020root 11241100x80000000000000001743837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.020{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a183efa0867f982022-02-14 08:44:29.020root 11241100x80000000000000001743838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.020{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c140857b02930f342022-02-14 08:44:29.020root 11241100x80000000000000001743839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.020{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b45b6df96883192022-02-14 08:44:29.020root 11241100x80000000000000001743840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.020{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236e1f8da52df2242022-02-14 08:44:29.020root 11241100x80000000000000001743841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.020{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d95a4bbab5ecba2022-02-14 08:44:29.020root 11241100x80000000000000001743842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.020{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2de641316f5a1f52022-02-14 08:44:29.020root 11241100x80000000000000001743843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.020{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e91fcc4dd6fa0392022-02-14 08:44:29.020root 11241100x80000000000000001743844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.021{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cd3d0be476292d2022-02-14 08:44:29.021root 11241100x80000000000000001743845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.021{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d95686a151c21dd2022-02-14 08:44:29.021root 11241100x80000000000000001743846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.021{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f450fe2429ceeeb52022-02-14 08:44:29.021root 11241100x80000000000000001743847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.021{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd7b431ca39ac1e2022-02-14 08:44:29.021root 11241100x80000000000000001743848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.021{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8190e45c3a254de62022-02-14 08:44:29.021root 11241100x80000000000000001743849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.021{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13fa022025f19e92022-02-14 08:44:29.021root 11241100x80000000000000001743850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.021{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7eeab5091f6089a2022-02-14 08:44:29.021root 11241100x80000000000000001743851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.021{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9a5105b5ef65222022-02-14 08:44:29.021root 11241100x80000000000000001743852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef521a7d87f8c9d62022-02-14 08:44:29.430root 11241100x80000000000000001743853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e9b5aadba3da662022-02-14 08:44:29.430root 11241100x80000000000000001743854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1434ebfa9c660e52022-02-14 08:44:29.430root 11241100x80000000000000001743855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a704da0ede8a4dbb2022-02-14 08:44:29.430root 11241100x80000000000000001743856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1532960e012abc2022-02-14 08:44:29.430root 11241100x80000000000000001743857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357c95fd7c9fa5f82022-02-14 08:44:29.430root 11241100x80000000000000001743858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f7aa0fdb7ba71a2022-02-14 08:44:29.430root 11241100x80000000000000001743859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124538e89daaec4a2022-02-14 08:44:29.430root 11241100x80000000000000001743860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e71a1546c3418292022-02-14 08:44:29.431root 11241100x80000000000000001743861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934c0a4008fe03c02022-02-14 08:44:29.431root 11241100x80000000000000001743862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a160d17fcc3535b32022-02-14 08:44:29.431root 11241100x80000000000000001743863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b7013874bf04cf2022-02-14 08:44:29.431root 11241100x80000000000000001743864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012c6f662e4225f42022-02-14 08:44:29.431root 11241100x80000000000000001743865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe008b4ac018b7d2022-02-14 08:44:29.431root 11241100x80000000000000001743866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a41421c3965e4f2022-02-14 08:44:29.432root 11241100x80000000000000001743867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70ac4fe423ff0612022-02-14 08:44:29.432root 11241100x80000000000000001743868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fda06cc11ebd2a52022-02-14 08:44:29.432root 11241100x80000000000000001743869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a651d7ae8226ecd2022-02-14 08:44:29.432root 11241100x80000000000000001743870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4f9eb487ca74982022-02-14 08:44:29.432root 11241100x80000000000000001743871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b9316c10523b5d2022-02-14 08:44:29.433root 11241100x80000000000000001743872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d44cfc302e6e5a2022-02-14 08:44:29.433root 11241100x80000000000000001743873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bd2d33f77199832022-02-14 08:44:29.433root 11241100x80000000000000001743874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3881540c914321c62022-02-14 08:44:29.433root 11241100x80000000000000001743875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37feec07236d5bb12022-02-14 08:44:29.433root 11241100x80000000000000001743876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4280aeef24b399842022-02-14 08:44:29.434root 11241100x80000000000000001743877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82b2490c8502adf2022-02-14 08:44:29.434root 11241100x80000000000000001743878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d88d1c68e3e959d2022-02-14 08:44:29.434root 11241100x80000000000000001743879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ea56bb88907f6e2022-02-14 08:44:29.435root 11241100x80000000000000001743880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e735e1a9fd42dad02022-02-14 08:44:29.435root 11241100x80000000000000001743881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ef8b95fd3324bd2022-02-14 08:44:29.435root 11241100x80000000000000001743882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931ea158e7f22e402022-02-14 08:44:29.435root 11241100x80000000000000001743883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb8eca78f0279d62022-02-14 08:44:29.435root 11241100x80000000000000001743884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825c216c6df910e62022-02-14 08:44:29.436root 11241100x80000000000000001743885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf85c4946580a78b2022-02-14 08:44:29.436root 11241100x80000000000000001743886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333f3126fd6767912022-02-14 08:44:29.436root 11241100x80000000000000001743887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0669cb9f4d8ac40b2022-02-14 08:44:29.436root 11241100x80000000000000001743888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62a8567a86b8eb52022-02-14 08:44:29.437root 11241100x80000000000000001743889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec8fd6561ed8b462022-02-14 08:44:29.438root 11241100x80000000000000001743890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e194b8b8583e7182022-02-14 08:44:29.438root 11241100x80000000000000001743891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc59c698a1458962022-02-14 08:44:29.438root 11241100x80000000000000001743892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f60ab882fbe5782022-02-14 08:44:29.438root 11241100x80000000000000001743893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b485654ba8816882022-02-14 08:44:29.438root 11241100x80000000000000001743894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461a27e1ea3c019a2022-02-14 08:44:29.438root 11241100x80000000000000001743895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fce68951fc85a02022-02-14 08:44:29.438root 11241100x80000000000000001743896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d57a691300b5a92022-02-14 08:44:29.439root 11241100x80000000000000001743897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17039d1da76339f72022-02-14 08:44:29.439root 11241100x80000000000000001743898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41cce16021a5dae2022-02-14 08:44:29.439root 11241100x80000000000000001743899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cba4a9172e59122022-02-14 08:44:29.439root 11241100x80000000000000001743900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecd8de9a2784ee12022-02-14 08:44:29.439root 11241100x80000000000000001743901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb63a3bbf3e0f302022-02-14 08:44:29.439root 11241100x80000000000000001743902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca661409fe11ef92022-02-14 08:44:29.439root 11241100x80000000000000001743903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a6370882839e1a2022-02-14 08:44:29.439root 11241100x80000000000000001743904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ca115ab565d0942022-02-14 08:44:29.439root 11241100x80000000000000001743905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28e3ea636b870152022-02-14 08:44:29.439root 11241100x80000000000000001743906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749e1ed3012b88282022-02-14 08:44:29.931root 11241100x80000000000000001743907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991f9ba868534f302022-02-14 08:44:29.931root 11241100x80000000000000001743908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72143e34b88c66ad2022-02-14 08:44:29.931root 11241100x80000000000000001743909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0a3a55697f26b82022-02-14 08:44:29.931root 11241100x80000000000000001743910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6002d0f18fb789142022-02-14 08:44:29.931root 11241100x80000000000000001743911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd07c8aa2f7919822022-02-14 08:44:29.931root 11241100x80000000000000001743912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6672809ae9fbce612022-02-14 08:44:29.931root 11241100x80000000000000001743913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d75f674446598b62022-02-14 08:44:29.931root 11241100x80000000000000001743914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef3b70b519897fe2022-02-14 08:44:29.931root 11241100x80000000000000001743915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a230293e39cfa02022-02-14 08:44:29.931root 11241100x80000000000000001743916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888f25e790fc76432022-02-14 08:44:29.931root 11241100x80000000000000001743917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be2633a0d526cf32022-02-14 08:44:29.931root 11241100x80000000000000001743918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a75e75decb4b932022-02-14 08:44:29.932root 11241100x80000000000000001743919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5ab1957171ba662022-02-14 08:44:29.932root 11241100x80000000000000001743920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddd4e152d5a942a2022-02-14 08:44:29.932root 11241100x80000000000000001743921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae8f59bc785ec962022-02-14 08:44:29.932root 11241100x80000000000000001743922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030ae6aa0bfda4fd2022-02-14 08:44:29.932root 11241100x80000000000000001743923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f47954452419adc2022-02-14 08:44:29.932root 11241100x80000000000000001743924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd25f6f6f01d21442022-02-14 08:44:29.932root 11241100x80000000000000001743925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685b6fb4787fbc392022-02-14 08:44:29.932root 11241100x80000000000000001743926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac66effebc8e6b62022-02-14 08:44:29.932root 11241100x80000000000000001743927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f3bd45c47f043e2022-02-14 08:44:29.933root 11241100x80000000000000001743928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5eeb6626388ed4b2022-02-14 08:44:29.933root 11241100x80000000000000001743929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3ed73ab23802532022-02-14 08:44:29.933root 11241100x80000000000000001743930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdebd8ebcd3c00b2022-02-14 08:44:29.933root 11241100x80000000000000001743931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e6019c2906d64f2022-02-14 08:44:29.933root 11241100x80000000000000001743932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c733f97d9720d8ad2022-02-14 08:44:29.933root 11241100x80000000000000001743933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc12cfb293129792022-02-14 08:44:29.933root 11241100x80000000000000001743934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917005a68712846d2022-02-14 08:44:29.933root 11241100x80000000000000001743935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea366db928ecc2a2022-02-14 08:44:29.933root 11241100x80000000000000001743936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b901e7a4ebb42b2022-02-14 08:44:29.934root 11241100x80000000000000001743937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f57eae02fbac1c52022-02-14 08:44:29.934root 11241100x80000000000000001743938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484e82ff50b2668d2022-02-14 08:44:29.934root 11241100x80000000000000001743939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad02dd29485a8fb2022-02-14 08:44:29.934root 11241100x80000000000000001743940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c18f5e977e16ccd2022-02-14 08:44:29.934root 11241100x80000000000000001743941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52b9e5cc6173cbf2022-02-14 08:44:29.934root 11241100x80000000000000001743942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffe07bc15a825682022-02-14 08:44:29.934root 11241100x80000000000000001743943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde640ff1f85e1012022-02-14 08:44:29.935root 11241100x80000000000000001743944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aeb1582efb204002022-02-14 08:44:29.935root 11241100x80000000000000001743945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87aba8a42a3ea7c02022-02-14 08:44:29.935root 11241100x80000000000000001743946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07dbd93e4b8990012022-02-14 08:44:29.935root 11241100x80000000000000001743947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9a40270fdf380c2022-02-14 08:44:29.935root 11241100x80000000000000001743948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59a895fd3f961d92022-02-14 08:44:29.935root 11241100x80000000000000001743949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:29.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0f3f8c545208512022-02-14 08:44:29.935root 11241100x80000000000000001743950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b175549df82ce4572022-02-14 08:44:30.429root 11241100x80000000000000001743951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f7a634cf3c62992022-02-14 08:44:30.430root 11241100x80000000000000001743952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b235ff4f8da881fb2022-02-14 08:44:30.430root 11241100x80000000000000001743953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f66b487a3822902022-02-14 08:44:30.430root 11241100x80000000000000001743954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db70024c23bf02582022-02-14 08:44:30.430root 11241100x80000000000000001743955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa36629af5e85282022-02-14 08:44:30.430root 11241100x80000000000000001743956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68e7bce45a0c03b2022-02-14 08:44:30.430root 11241100x80000000000000001743957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1b99d6a51425912022-02-14 08:44:30.431root 11241100x80000000000000001743958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0128fad0aa444df22022-02-14 08:44:30.431root 11241100x80000000000000001743959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25316f2de456d032022-02-14 08:44:30.431root 11241100x80000000000000001743960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c88dce64e678cc52022-02-14 08:44:30.431root 11241100x80000000000000001743961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedc852cb950d9d02022-02-14 08:44:30.431root 11241100x80000000000000001743962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46adb4b4e60357ed2022-02-14 08:44:30.431root 11241100x80000000000000001743963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef858517055ecb292022-02-14 08:44:30.431root 11241100x80000000000000001743964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e1e664cf4be9952022-02-14 08:44:30.431root 11241100x80000000000000001743965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41df67bf932632712022-02-14 08:44:30.431root 11241100x80000000000000001743966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e9e30d2de5f3c92022-02-14 08:44:30.431root 11241100x80000000000000001743967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d363d22237bd3d12022-02-14 08:44:30.432root 11241100x80000000000000001743968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f999210b3028602022-02-14 08:44:30.432root 11241100x80000000000000001743969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712e553531ecba722022-02-14 08:44:30.432root 11241100x80000000000000001743970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b16bdc1bf9c48e22022-02-14 08:44:30.432root 11241100x80000000000000001743971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f609d29c6df022bf2022-02-14 08:44:30.432root 11241100x80000000000000001743972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242f27919f10c2422022-02-14 08:44:30.432root 11241100x80000000000000001743973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa124e75cc1214862022-02-14 08:44:30.432root 11241100x80000000000000001743974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3c5f6eabe85b0e2022-02-14 08:44:30.432root 11241100x80000000000000001743975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd4dc00c42895442022-02-14 08:44:30.432root 11241100x80000000000000001743976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ececa3111ef8792022-02-14 08:44:30.432root 11241100x80000000000000001743977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bafad2c9e4631c82022-02-14 08:44:30.432root 11241100x80000000000000001743978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8209f8b41bb575a2022-02-14 08:44:30.433root 11241100x80000000000000001743979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997670d6b238ea1c2022-02-14 08:44:30.433root 11241100x80000000000000001743980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c815f156d4b1e5a72022-02-14 08:44:30.433root 11241100x80000000000000001743981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d8e592e71850722022-02-14 08:44:30.433root 11241100x80000000000000001743982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002f9410976f7cba2022-02-14 08:44:30.433root 11241100x80000000000000001743983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c60ed8fd9ffed62022-02-14 08:44:30.433root 11241100x80000000000000001743984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ca42f4ea9efd432022-02-14 08:44:30.433root 11241100x80000000000000001743985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0074152e28896c2022-02-14 08:44:30.433root 11241100x80000000000000001743986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05aaf2ac042b43c52022-02-14 08:44:30.433root 11241100x80000000000000001743987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b78de599a8d96fb2022-02-14 08:44:30.433root 11241100x80000000000000001743988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e79ba9c0a421e4a2022-02-14 08:44:30.433root 11241100x80000000000000001743989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508bdcdc7a86d34b2022-02-14 08:44:30.433root 11241100x80000000000000001743990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcbcb7259036e7d2022-02-14 08:44:30.433root 11241100x80000000000000001743991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b614f703784bad72022-02-14 08:44:30.434root 11241100x80000000000000001743992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d785a464e53cf2bc2022-02-14 08:44:30.434root 11241100x80000000000000001743993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0245683457b03a2022-02-14 08:44:30.434root 11241100x80000000000000001743994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce64a567fcbfa3c2022-02-14 08:44:30.434root 11241100x80000000000000001743995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c48fef0d0855d72022-02-14 08:44:30.434root 11241100x80000000000000001743996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9a5cdd49b11edd2022-02-14 08:44:30.434root 11241100x80000000000000001743997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fab1a6bddfdaa9f2022-02-14 08:44:30.434root 11241100x80000000000000001743998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe10534c5648bbee2022-02-14 08:44:30.434root 11241100x80000000000000001743999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e6626bff1ea8752022-02-14 08:44:30.434root 11241100x80000000000000001744000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d07f77123084512022-02-14 08:44:30.434root 11241100x80000000000000001744001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a206aa042dc8fe692022-02-14 08:44:30.435root 11241100x80000000000000001744002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a02eeb2c1f084492022-02-14 08:44:30.435root 11241100x80000000000000001744003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272dddcd1de1321e2022-02-14 08:44:30.435root 11241100x80000000000000001744004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5897910d31c74a992022-02-14 08:44:30.930root 11241100x80000000000000001744005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23a75f59dcfd55f2022-02-14 08:44:30.931root 11241100x80000000000000001744006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710e4d76b92551ec2022-02-14 08:44:30.931root 11241100x80000000000000001744007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9769d4c9f52ed892022-02-14 08:44:30.931root 11241100x80000000000000001744008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37db4600f03d3b62022-02-14 08:44:30.931root 11241100x80000000000000001744009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b9f3961d4dfe5e2022-02-14 08:44:30.931root 11241100x80000000000000001744010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcf6446258e199f2022-02-14 08:44:30.931root 11241100x80000000000000001744011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda776c67a9713192022-02-14 08:44:30.931root 11241100x80000000000000001744012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388ef1a86804806c2022-02-14 08:44:30.931root 11241100x80000000000000001744013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e293500aae39c96a2022-02-14 08:44:30.931root 11241100x80000000000000001744014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8488258820f36a222022-02-14 08:44:30.931root 11241100x80000000000000001744015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888c00642032f6962022-02-14 08:44:30.931root 11241100x80000000000000001744016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d672dc72be08df2022-02-14 08:44:30.931root 11241100x80000000000000001744017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f193e454d74f69982022-02-14 08:44:30.931root 11241100x80000000000000001744018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805f6f519fa4cbb72022-02-14 08:44:30.932root 11241100x80000000000000001744019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38b40ec759eb9dd2022-02-14 08:44:30.932root 11241100x80000000000000001744020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cbead57099de032022-02-14 08:44:30.932root 11241100x80000000000000001744021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b66bb3897ea9a82022-02-14 08:44:30.932root 11241100x80000000000000001744022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5d92cc093b83472022-02-14 08:44:30.932root 11241100x80000000000000001744023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a164e18a74bafbd2022-02-14 08:44:30.932root 11241100x80000000000000001744024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5e909d267753fd2022-02-14 08:44:30.932root 11241100x80000000000000001744025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e697bf76c386b9e2022-02-14 08:44:30.932root 11241100x80000000000000001744026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1614f8f2f13059f22022-02-14 08:44:30.932root 11241100x80000000000000001744027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98604deb608166252022-02-14 08:44:30.932root 11241100x80000000000000001744028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbf7d8d52ad33ba2022-02-14 08:44:30.932root 11241100x80000000000000001744029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1000709ec3975f6a2022-02-14 08:44:30.932root 11241100x80000000000000001744030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ab8c50d5d5c0b22022-02-14 08:44:30.932root 11241100x80000000000000001744031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64974b909effb8192022-02-14 08:44:30.932root 11241100x80000000000000001744032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d28950ecb13be02022-02-14 08:44:30.932root 11241100x80000000000000001744033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ddcd047b943df92022-02-14 08:44:30.933root 11241100x80000000000000001744034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cea874d61dfff72022-02-14 08:44:30.933root 11241100x80000000000000001744035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b52b414fd7f0442022-02-14 08:44:30.933root 11241100x80000000000000001744036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0037304f90e716892022-02-14 08:44:30.933root 11241100x80000000000000001744037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3286296d25ee98a62022-02-14 08:44:30.933root 11241100x80000000000000001744038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a82815a4b64f0972022-02-14 08:44:30.933root 11241100x80000000000000001744039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32c0b24025ee7132022-02-14 08:44:30.933root 11241100x80000000000000001744040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116089b8f4a530952022-02-14 08:44:30.933root 11241100x80000000000000001744041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ffc70f1ecc18062022-02-14 08:44:30.933root 11241100x80000000000000001744042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a488daa10100562022-02-14 08:44:30.933root 11241100x80000000000000001744043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb62ad96e940f0e72022-02-14 08:44:30.933root 11241100x80000000000000001744044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4627a3e7fb7069d82022-02-14 08:44:30.933root 11241100x80000000000000001744045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3920c6df7ad5802022-02-14 08:44:30.941root 11241100x80000000000000001744046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:30.942{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab341cd2424e90a2022-02-14 08:44:30.942root 11241100x80000000000000001744047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8e3577a0721ffc2022-02-14 08:44:31.430root 11241100x80000000000000001744048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0b64f244d201632022-02-14 08:44:31.431root 11241100x80000000000000001744049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3308d2fd8977cc4a2022-02-14 08:44:31.431root 11241100x80000000000000001744050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ef75de29af955d2022-02-14 08:44:31.431root 11241100x80000000000000001744051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f892634130f92eaa2022-02-14 08:44:31.431root 11241100x80000000000000001744052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5774705a38e869ac2022-02-14 08:44:31.431root 11241100x80000000000000001744053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5153bb4795ada22022-02-14 08:44:31.431root 11241100x80000000000000001744054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9c9180736da6852022-02-14 08:44:31.431root 11241100x80000000000000001744055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda44fbe30012eed2022-02-14 08:44:31.431root 11241100x80000000000000001744056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598144c160bea5f52022-02-14 08:44:31.431root 11241100x80000000000000001744057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1684c842621b76822022-02-14 08:44:31.431root 11241100x80000000000000001744058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59697075e24206482022-02-14 08:44:31.431root 11241100x80000000000000001744059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00064769ac1849942022-02-14 08:44:31.431root 11241100x80000000000000001744060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafae810763622d72022-02-14 08:44:31.432root 11241100x80000000000000001744061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60936711c0dd99e82022-02-14 08:44:31.432root 11241100x80000000000000001744062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432bfea6538f99c62022-02-14 08:44:31.432root 11241100x80000000000000001744063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c772a6ddfe2d5b052022-02-14 08:44:31.432root 11241100x80000000000000001744064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39d8ba8c4c5e06a2022-02-14 08:44:31.432root 11241100x80000000000000001744065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfb98aabd9b4a3f2022-02-14 08:44:31.432root 11241100x80000000000000001744066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46481c61c726185c2022-02-14 08:44:31.432root 11241100x80000000000000001744067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d43eb65f7f494172022-02-14 08:44:31.432root 11241100x80000000000000001744068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4336f55278497f52022-02-14 08:44:31.432root 11241100x80000000000000001744069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325f4db8cedff1ce2022-02-14 08:44:31.432root 11241100x80000000000000001744070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241d75d5d2109c512022-02-14 08:44:31.433root 11241100x80000000000000001744071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4af40b3df65b522022-02-14 08:44:31.433root 11241100x80000000000000001744072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7094c092473421702022-02-14 08:44:31.433root 11241100x80000000000000001744073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d61b1bfa8dfcc5b2022-02-14 08:44:31.433root 11241100x80000000000000001744074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aab8931bbac43a92022-02-14 08:44:31.433root 11241100x80000000000000001744075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054e834c12684c002022-02-14 08:44:31.434root 11241100x80000000000000001744076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79ed24dc0a77caf2022-02-14 08:44:31.434root 11241100x80000000000000001744077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d681e7df7dcd0f842022-02-14 08:44:31.435root 11241100x80000000000000001744078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc578830db63717e2022-02-14 08:44:31.435root 11241100x80000000000000001744079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04bef9cd8d8a5f62022-02-14 08:44:31.436root 11241100x80000000000000001744080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08a7986831b8fdd2022-02-14 08:44:31.436root 11241100x80000000000000001744081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbf35ede5ce0ccb2022-02-14 08:44:31.436root 11241100x80000000000000001744082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9ace6c91cf74682022-02-14 08:44:31.436root 11241100x80000000000000001744083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b1a1b29b29abdb2022-02-14 08:44:31.436root 11241100x80000000000000001744084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b4d0f49851ccea2022-02-14 08:44:31.436root 11241100x80000000000000001744085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3791d38b7e492c42022-02-14 08:44:31.436root 11241100x80000000000000001744086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca287046d6720122022-02-14 08:44:31.436root 11241100x80000000000000001744087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7b0cc17ef4748b2022-02-14 08:44:31.436root 11241100x80000000000000001744088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af6205b37bffe1d2022-02-14 08:44:31.437root 11241100x80000000000000001744089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc182fa712aa2a32022-02-14 08:44:31.437root 11241100x80000000000000001744090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f486a80b80638a7a2022-02-14 08:44:31.437root 11241100x80000000000000001744091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ac4d46a2e97a892022-02-14 08:44:31.437root 11241100x80000000000000001744092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959b405ea1237a752022-02-14 08:44:31.438root 11241100x80000000000000001744093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f1c0f68cf001352022-02-14 08:44:31.438root 11241100x80000000000000001744094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174ab8c45073e3452022-02-14 08:44:31.438root 11241100x80000000000000001744095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ce35f5cde439192022-02-14 08:44:31.438root 11241100x80000000000000001744096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3a95348fd0028d2022-02-14 08:44:31.439root 11241100x80000000000000001744097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad621b2d064aa5052022-02-14 08:44:31.439root 11241100x80000000000000001744098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b9daf5e69554072022-02-14 08:44:31.439root 11241100x80000000000000001744099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383e132b295a71252022-02-14 08:44:31.439root 11241100x80000000000000001744100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cb7c83158944242022-02-14 08:44:31.440root 11241100x80000000000000001744101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c91e3200342edd42022-02-14 08:44:31.440root 11241100x80000000000000001744102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1c92f4a0c6672b2022-02-14 08:44:31.440root 11241100x80000000000000001744103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238f716f18c04baf2022-02-14 08:44:31.441root 11241100x80000000000000001744104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0803b4c512bc8e132022-02-14 08:44:31.930root 11241100x80000000000000001744105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6908dd68223b0e8a2022-02-14 08:44:31.930root 11241100x80000000000000001744106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3647686873ca932022-02-14 08:44:31.930root 11241100x80000000000000001744107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f460651407419c5d2022-02-14 08:44:31.930root 11241100x80000000000000001744108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a582ddd0c744a11e2022-02-14 08:44:31.930root 11241100x80000000000000001744109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482767ab1c8df03b2022-02-14 08:44:31.930root 11241100x80000000000000001744110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48e5a031ff7f1ab2022-02-14 08:44:31.930root 11241100x80000000000000001744111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6f59b8d82e72d92022-02-14 08:44:31.931root 11241100x80000000000000001744112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b3a90b5696ea7e2022-02-14 08:44:31.931root 11241100x80000000000000001744113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753d1df28299697b2022-02-14 08:44:31.931root 11241100x80000000000000001744114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f0615bbd51a2232022-02-14 08:44:31.931root 11241100x80000000000000001744115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c843389ebc137082022-02-14 08:44:31.931root 11241100x80000000000000001744116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192e5522fbf444702022-02-14 08:44:31.931root 11241100x80000000000000001744117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c110a8a598711b222022-02-14 08:44:31.932root 11241100x80000000000000001744118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfecd473f4f92bb2022-02-14 08:44:31.932root 11241100x80000000000000001744119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1371f374dda0cce2022-02-14 08:44:31.932root 11241100x80000000000000001744120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b2c71bd954f5842022-02-14 08:44:31.932root 11241100x80000000000000001744121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e98fab99e74dea2022-02-14 08:44:31.932root 11241100x80000000000000001744122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ab1e90eb8b8c4b2022-02-14 08:44:31.932root 11241100x80000000000000001744123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ce5849e77b96792022-02-14 08:44:31.933root 11241100x80000000000000001744124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290afdd40b5f7dd62022-02-14 08:44:31.933root 11241100x80000000000000001744125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9f0912a10e7a172022-02-14 08:44:31.934root 11241100x80000000000000001744126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f490d77f240d382022-02-14 08:44:31.934root 11241100x80000000000000001744127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424419726fa671522022-02-14 08:44:31.934root 11241100x80000000000000001744128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cc5ce99db9eae22022-02-14 08:44:31.934root 11241100x80000000000000001744129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3d0a0ffc3260622022-02-14 08:44:31.934root 11241100x80000000000000001744130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4752b0448256ed2022-02-14 08:44:31.934root 11241100x80000000000000001744131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00be668a6a9d47252022-02-14 08:44:31.934root 11241100x80000000000000001744132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3010134bb2f36b0e2022-02-14 08:44:31.934root 11241100x80000000000000001744133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e4db4aa46966a72022-02-14 08:44:31.934root 11241100x80000000000000001744134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61634c6e07a0d08e2022-02-14 08:44:31.934root 11241100x80000000000000001744135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf32a73a2af5f39d2022-02-14 08:44:31.934root 11241100x80000000000000001744136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5df4d7ca4fd8bd2022-02-14 08:44:31.934root 11241100x80000000000000001744137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed93ad649eccc10b2022-02-14 08:44:31.934root 11241100x80000000000000001744138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786ffda532c610302022-02-14 08:44:31.934root 11241100x80000000000000001744139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512ceeee1808106f2022-02-14 08:44:31.934root 11241100x80000000000000001744140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdd25c0debecd062022-02-14 08:44:31.934root 11241100x80000000000000001744141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faca808c270308022022-02-14 08:44:31.935root 11241100x80000000000000001744142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a95ea05ae44a562022-02-14 08:44:31.935root 11241100x80000000000000001744143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec167e01022de3062022-02-14 08:44:31.935root 11241100x80000000000000001744144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68adb50dc800e3bb2022-02-14 08:44:31.935root 11241100x80000000000000001744145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5894c3a680e97a2022-02-14 08:44:31.935root 11241100x80000000000000001744146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e781f879eb448c092022-02-14 08:44:31.935root 11241100x80000000000000001744147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b0ebab52a8bf932022-02-14 08:44:31.935root 11241100x80000000000000001744148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40bff1e00c897b52022-02-14 08:44:31.935root 11241100x80000000000000001744149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a75a89df456b392022-02-14 08:44:31.935root 11241100x80000000000000001744150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9c13bdc7b111322022-02-14 08:44:31.935root 11241100x80000000000000001744151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534839bffb3e5e7e2022-02-14 08:44:31.935root 11241100x80000000000000001744152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8aa508c1ef9a6d62022-02-14 08:44:31.935root 11241100x80000000000000001744153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbd0111f2c1a11e2022-02-14 08:44:31.935root 11241100x80000000000000001744154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7773c8ba0c0ae6a2022-02-14 08:44:31.935root 11241100x80000000000000001744155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2be125c3c64d832022-02-14 08:44:31.935root 11241100x80000000000000001744156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785f6b8fb68718702022-02-14 08:44:31.936root 11241100x80000000000000001744157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3c66930ecb06572022-02-14 08:44:31.936root 11241100x80000000000000001744158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:31.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ad2b87361c36572022-02-14 08:44:31.936root 11241100x80000000000000001744159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cc119fc72b1c862022-02-14 08:44:32.430root 11241100x80000000000000001744160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21c14ae549bf26b2022-02-14 08:44:32.430root 11241100x80000000000000001744161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263d9bc0052dac552022-02-14 08:44:32.431root 11241100x80000000000000001744162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e920c353aa2eae2022-02-14 08:44:32.431root 11241100x80000000000000001744163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634a378ba37e24c12022-02-14 08:44:32.431root 11241100x80000000000000001744164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cc91d8a7a04ff02022-02-14 08:44:32.431root 11241100x80000000000000001744165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfa3acc3c82c70f2022-02-14 08:44:32.431root 11241100x80000000000000001744166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8447fd0598099932022-02-14 08:44:32.431root 11241100x80000000000000001744167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1485f8e07c8486232022-02-14 08:44:32.431root 11241100x80000000000000001744168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27b797739cb2e5e2022-02-14 08:44:32.431root 11241100x80000000000000001744169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c21aaf601f8679e2022-02-14 08:44:32.431root 11241100x80000000000000001744170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a11116b2efba0f72022-02-14 08:44:32.431root 11241100x80000000000000001744171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99fc147713e9dfc2022-02-14 08:44:32.431root 11241100x80000000000000001744172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8609ed69d293285a2022-02-14 08:44:32.431root 11241100x80000000000000001744173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82455c84faf3de022022-02-14 08:44:32.432root 11241100x80000000000000001744174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cd492854c118e62022-02-14 08:44:32.432root 11241100x80000000000000001744175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472e0580cb8450292022-02-14 08:44:32.432root 11241100x80000000000000001744176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eaf741f2fa504762022-02-14 08:44:32.432root 11241100x80000000000000001744177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b674a4fc5ce8702022-02-14 08:44:32.432root 11241100x80000000000000001744178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f013b9a0b84fa9102022-02-14 08:44:32.432root 11241100x80000000000000001744179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6329c8c514b36bde2022-02-14 08:44:32.432root 11241100x80000000000000001744180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c27d9b07b708dda2022-02-14 08:44:32.432root 11241100x80000000000000001744181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b5e4fe865f8d562022-02-14 08:44:32.432root 11241100x80000000000000001744182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e5de98e10642422022-02-14 08:44:32.432root 11241100x80000000000000001744183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468f46489d88e3212022-02-14 08:44:32.432root 11241100x80000000000000001744184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b43a0e2ff6e2e012022-02-14 08:44:32.432root 11241100x80000000000000001744185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20b31da0ac69a7b2022-02-14 08:44:32.432root 11241100x80000000000000001744186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff73f215c17fd3e32022-02-14 08:44:32.432root 11241100x80000000000000001744187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cdfae0aef4bec72022-02-14 08:44:32.432root 11241100x80000000000000001744188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5727310ef47813ef2022-02-14 08:44:32.432root 11241100x80000000000000001744189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e8095e95d5b7742022-02-14 08:44:32.433root 11241100x80000000000000001744190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3398d3c7561f70a2022-02-14 08:44:32.433root 11241100x80000000000000001744191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b379b232c9b15472022-02-14 08:44:32.433root 11241100x80000000000000001744192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c187616054e8398f2022-02-14 08:44:32.433root 11241100x80000000000000001744193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda0445cc532fb5f2022-02-14 08:44:32.433root 11241100x80000000000000001744194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b410e2478f4a85792022-02-14 08:44:32.433root 11241100x80000000000000001744195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115d6ed857dd16222022-02-14 08:44:32.433root 11241100x80000000000000001744196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f064f424202f8f102022-02-14 08:44:32.433root 11241100x80000000000000001744197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594a97a928932ec02022-02-14 08:44:32.433root 11241100x80000000000000001744198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c39e7a9a4c80be2022-02-14 08:44:32.433root 11241100x80000000000000001744199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2760e76e03c63ed22022-02-14 08:44:32.433root 11241100x80000000000000001744200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fd5d0ec14260af2022-02-14 08:44:32.433root 11241100x80000000000000001744201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776e1fc640e6e2ed2022-02-14 08:44:32.433root 11241100x80000000000000001744202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649c8e2a218932f22022-02-14 08:44:32.930root 11241100x80000000000000001744203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80725b2fd364f212022-02-14 08:44:32.930root 11241100x80000000000000001744204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b3b52288c96ff62022-02-14 08:44:32.930root 11241100x80000000000000001744205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7db4b0c1e888482022-02-14 08:44:32.930root 11241100x80000000000000001744206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1516103b7e0286322022-02-14 08:44:32.930root 11241100x80000000000000001744207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ae0dcae826750d2022-02-14 08:44:32.930root 11241100x80000000000000001744208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cff41de27d2cd92022-02-14 08:44:32.930root 11241100x80000000000000001744209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e4799752aba7c22022-02-14 08:44:32.930root 11241100x80000000000000001744210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad2b706e21d996d2022-02-14 08:44:32.930root 11241100x80000000000000001744211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb76937bb7e126042022-02-14 08:44:32.931root 11241100x80000000000000001744212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672fd000dadbcda62022-02-14 08:44:32.931root 11241100x80000000000000001744213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6ccacfb20ab50b2022-02-14 08:44:32.931root 11241100x80000000000000001744214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eaf65b2f4c8eee12022-02-14 08:44:32.931root 11241100x80000000000000001744215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6ac61b5e4f1d852022-02-14 08:44:32.931root 11241100x80000000000000001744216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8668a29765ed9a662022-02-14 08:44:32.931root 11241100x80000000000000001744217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f59d6e907b78aea2022-02-14 08:44:32.931root 11241100x80000000000000001744218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2299337c1bc3e5572022-02-14 08:44:32.931root 11241100x80000000000000001744219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3688d171d3b0e6f2022-02-14 08:44:32.931root 11241100x80000000000000001744220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd2568c5a4f96fe2022-02-14 08:44:32.931root 11241100x80000000000000001744221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b133b72a7f2d4c2022-02-14 08:44:32.931root 11241100x80000000000000001744222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb74818ac04739d22022-02-14 08:44:32.932root 11241100x80000000000000001744223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3311540c4bfe56362022-02-14 08:44:32.932root 11241100x80000000000000001744224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3255cf974d726742022-02-14 08:44:32.932root 11241100x80000000000000001744225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44f12309db3955d2022-02-14 08:44:32.932root 11241100x80000000000000001744226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da39671ad5176c432022-02-14 08:44:32.932root 11241100x80000000000000001744227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cecdc740688b5c2022-02-14 08:44:32.932root 11241100x80000000000000001744228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2ec36c66ad2f052022-02-14 08:44:32.932root 11241100x80000000000000001744229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea7e4b13de83e1d2022-02-14 08:44:32.932root 11241100x80000000000000001744230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0c217314590f892022-02-14 08:44:32.932root 11241100x80000000000000001744231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6121b3dc8458badc2022-02-14 08:44:32.932root 11241100x80000000000000001744232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d866c701dab29202022-02-14 08:44:32.932root 11241100x80000000000000001744233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed79a5e2ab0dea72022-02-14 08:44:32.933root 11241100x80000000000000001744234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4548e9e318018b2022-02-14 08:44:32.933root 11241100x80000000000000001744235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b35af009501c1e2022-02-14 08:44:32.933root 11241100x80000000000000001744236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99b0a4cfe847b922022-02-14 08:44:32.933root 11241100x80000000000000001744237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35829c521f1645f2022-02-14 08:44:32.933root 11241100x80000000000000001744238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709793a0e0b88a6b2022-02-14 08:44:32.936root 11241100x80000000000000001744239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed2afb2f20ed8332022-02-14 08:44:32.936root 11241100x80000000000000001744240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a1c1520f8b88e92022-02-14 08:44:32.937root 11241100x80000000000000001744241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c277523f9fc5c8b72022-02-14 08:44:32.937root 11241100x80000000000000001744242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a351988ce8ee4fe12022-02-14 08:44:32.937root 11241100x80000000000000001744243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218f5919c8351e5a2022-02-14 08:44:32.937root 11241100x80000000000000001744244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbc69966c7b79342022-02-14 08:44:32.938root 11241100x80000000000000001744245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c482a09ff9e2ec3e2022-02-14 08:44:32.938root 11241100x80000000000000001744246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbc4d956d5b7e102022-02-14 08:44:32.939root 11241100x80000000000000001744247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a1802210680eeb2022-02-14 08:44:32.939root 11241100x80000000000000001744248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:32.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead667270c16f3992022-02-14 08:44:32.939root 11241100x80000000000000001744249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d17cd3bf6c394dd2022-02-14 08:44:33.429root 11241100x80000000000000001744250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135904eb46101a3b2022-02-14 08:44:33.430root 11241100x80000000000000001744251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445980959340f0102022-02-14 08:44:33.430root 11241100x80000000000000001744252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd80e2f09e688412022-02-14 08:44:33.430root 11241100x80000000000000001744253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd323c0aabfd25a2022-02-14 08:44:33.430root 11241100x80000000000000001744254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82125cd2af32e662022-02-14 08:44:33.430root 11241100x80000000000000001744255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8190b4d27c85584a2022-02-14 08:44:33.430root 11241100x80000000000000001744256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800b4a39e68ae4bc2022-02-14 08:44:33.431root 11241100x80000000000000001744257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc11cf6118dbc8772022-02-14 08:44:33.431root 11241100x80000000000000001744258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4cd1cf4e5f73b32022-02-14 08:44:33.431root 11241100x80000000000000001744259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5827c894f1578b2022-02-14 08:44:33.431root 11241100x80000000000000001744260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0183fdf8e547442022-02-14 08:44:33.431root 11241100x80000000000000001744261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35e9badfc1ec1982022-02-14 08:44:33.432root 11241100x80000000000000001744262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1953cf3158010b332022-02-14 08:44:33.432root 11241100x80000000000000001744263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f547a283e8f984532022-02-14 08:44:33.432root 11241100x80000000000000001744264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc274b571c13c8c2022-02-14 08:44:33.432root 11241100x80000000000000001744265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6cb3852bf7121f2022-02-14 08:44:33.432root 11241100x80000000000000001744266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c278f9fb409a6452022-02-14 08:44:33.433root 11241100x80000000000000001744267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8357df236678b02022-02-14 08:44:33.433root 11241100x80000000000000001744268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b60ec1332440da2022-02-14 08:44:33.433root 11241100x80000000000000001744269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbc14856d7ae8b32022-02-14 08:44:33.434root 11241100x80000000000000001744270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c3ddafc370cb822022-02-14 08:44:33.434root 11241100x80000000000000001744271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3815047f01151d2022-02-14 08:44:33.434root 11241100x80000000000000001744272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12ef0dec444cb8d2022-02-14 08:44:33.434root 11241100x80000000000000001744273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05516197a8565852022-02-14 08:44:33.434root 11241100x80000000000000001744274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db35661a2f6558af2022-02-14 08:44:33.435root 11241100x80000000000000001744275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f044d1048c23ade32022-02-14 08:44:33.435root 11241100x80000000000000001744276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9a6e93bf51c4842022-02-14 08:44:33.435root 11241100x80000000000000001744277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460887663340a6a72022-02-14 08:44:33.435root 11241100x80000000000000001744278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a3bc2d58bfa8fe2022-02-14 08:44:33.435root 11241100x80000000000000001744279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4abe36e7ed7ff612022-02-14 08:44:33.436root 11241100x80000000000000001744280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3a5db4e10cb69a2022-02-14 08:44:33.436root 11241100x80000000000000001744281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040046c8d2cb97092022-02-14 08:44:33.436root 11241100x80000000000000001744282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcea874937f4ee932022-02-14 08:44:33.436root 11241100x80000000000000001744283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35800bbe2b9804272022-02-14 08:44:33.436root 11241100x80000000000000001744284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82397d2cffad78552022-02-14 08:44:33.436root 11241100x80000000000000001744285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b6d7bcddcce0f82022-02-14 08:44:33.437root 11241100x80000000000000001744286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9ce3adb090d4442022-02-14 08:44:33.437root 11241100x80000000000000001744287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886aa9cc49f2a9cb2022-02-14 08:44:33.438root 11241100x80000000000000001744288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d87293f062c78e12022-02-14 08:44:33.438root 11241100x80000000000000001744289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488beb8d23973cef2022-02-14 08:44:33.438root 11241100x80000000000000001744290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad95bf9d5e8a6412022-02-14 08:44:33.438root 11241100x80000000000000001744291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003b37e8bda4b3322022-02-14 08:44:33.438root 11241100x80000000000000001744292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c57f0981928c4d42022-02-14 08:44:33.439root 11241100x80000000000000001744293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a1fad7fa2e0c922022-02-14 08:44:33.439root 11241100x80000000000000001744294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a143ec95beb7cffb2022-02-14 08:44:33.439root 11241100x80000000000000001744295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc239ab900fc66a62022-02-14 08:44:33.439root 11241100x80000000000000001744296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb32e2c26ec116b2022-02-14 08:44:33.439root 11241100x80000000000000001744297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9259de9e1e628b2022-02-14 08:44:33.439root 11241100x80000000000000001744298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c77551befa56e52022-02-14 08:44:33.439root 11241100x80000000000000001744299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b10efa6fb97be582022-02-14 08:44:33.440root 11241100x80000000000000001744300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cd0ec16dec93462022-02-14 08:44:33.440root 11241100x80000000000000001744301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa825a05ba7e89312022-02-14 08:44:33.440root 11241100x80000000000000001744302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f589e9d8e4b4a72022-02-14 08:44:33.440root 11241100x80000000000000001744303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a903dbfdc6a67d4e2022-02-14 08:44:33.440root 11241100x80000000000000001744304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca66c14f147fadb2022-02-14 08:44:33.440root 11241100x80000000000000001744305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783f13b2f5304b3d2022-02-14 08:44:33.440root 154100x80000000000000001744306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.755{ec2ab09f-1671-620a-6824-148b70550000}1884/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2ab09f-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}871--- 11241100x80000000000000001744307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.757{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9258fc1376cb1d842022-02-14 08:44:33.757root 11241100x80000000000000001744308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.757{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfb0b55564a356e2022-02-14 08:44:33.757root 11241100x80000000000000001744309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.757{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937728548193464d2022-02-14 08:44:33.757root 11241100x80000000000000001744310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.757{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef6e445c5e389662022-02-14 08:44:33.757root 11241100x80000000000000001744311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.758{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb0953c9bb6e3c72022-02-14 08:44:33.758root 11241100x80000000000000001744312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.758{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096ceb59cb441a632022-02-14 08:44:33.758root 11241100x80000000000000001744313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.758{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36adc2d08904dafd2022-02-14 08:44:33.758root 11241100x80000000000000001744314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.758{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582d39a9b909df7a2022-02-14 08:44:33.758root 11241100x80000000000000001744315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.758{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30082595f1138962022-02-14 08:44:33.758root 11241100x80000000000000001744316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.758{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab83f534af8c04a42022-02-14 08:44:33.758root 11241100x80000000000000001744317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.758{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f074aeb7db6b9ecc2022-02-14 08:44:33.758root 11241100x80000000000000001744318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.758{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eceae6b086f4781d2022-02-14 08:44:33.758root 11241100x80000000000000001744319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.759{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df4c111bffa13662022-02-14 08:44:33.759root 11241100x80000000000000001744320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.759{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd22c58f537aa1b2022-02-14 08:44:33.759root 11241100x80000000000000001744321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.759{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98dbb6c077d78b12022-02-14 08:44:33.759root 11241100x80000000000000001744322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.759{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f628825764e605e62022-02-14 08:44:33.759root 11241100x80000000000000001744323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.759{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c64741acae5c7b2022-02-14 08:44:33.759root 11241100x80000000000000001744324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.759{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a95814412370d3b2022-02-14 08:44:33.759root 11241100x80000000000000001744325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.759{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9676fd284aedc02022-02-14 08:44:33.759root 11241100x80000000000000001744326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.759{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe12de4a38ace522022-02-14 08:44:33.759root 11241100x80000000000000001744327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.760{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ceda2706787794b2022-02-14 08:44:33.760root 11241100x80000000000000001744328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.760{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53deb4b59c5574792022-02-14 08:44:33.760root 11241100x80000000000000001744329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.760{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9658135ef815403d2022-02-14 08:44:33.760root 11241100x80000000000000001744330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.760{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efa3d477dc77a492022-02-14 08:44:33.760root 11241100x80000000000000001744331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.760{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f03677434aab202022-02-14 08:44:33.760root 11241100x80000000000000001744332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.761{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed981e2cd186b7fb2022-02-14 08:44:33.761root 11241100x80000000000000001744333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.761{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c951aae041928f3c2022-02-14 08:44:33.761root 11241100x80000000000000001744334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.761{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8177e57703e51c2022-02-14 08:44:33.761root 11241100x80000000000000001744335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.761{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4fc6e0d41e34c92022-02-14 08:44:33.761root 11241100x80000000000000001744336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.761{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d74960ec3dca342022-02-14 08:44:33.761root 11241100x80000000000000001744337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.762{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d99e06e037509482022-02-14 08:44:33.762root 11241100x80000000000000001744338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.762{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96388e418a7648792022-02-14 08:44:33.762root 11241100x80000000000000001744339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.762{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a728c61cbcb42c12022-02-14 08:44:33.762root 11241100x80000000000000001744340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.762{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfaa18250645a2d12022-02-14 08:44:33.762root 11241100x80000000000000001744341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.763{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a55deebb965f9482022-02-14 08:44:33.763root 11241100x80000000000000001744342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.763{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62862edabbbd56a2022-02-14 08:44:33.763root 11241100x80000000000000001744343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.763{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1834ff8597dac3982022-02-14 08:44:33.763root 11241100x80000000000000001744344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.763{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd2595455042d1e2022-02-14 08:44:33.763root 11241100x80000000000000001744345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.763{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf043ecdd900d5e2022-02-14 08:44:33.763root 11241100x80000000000000001744346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.764{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6dd60b04fab71c2022-02-14 08:44:33.764root 11241100x80000000000000001744347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.764{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c034cdc8a8365d332022-02-14 08:44:33.764root 11241100x80000000000000001744348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.764{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87c794ab4c779b32022-02-14 08:44:33.764root 11241100x80000000000000001744349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.764{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368b5dee69588aeb2022-02-14 08:44:33.764root 11241100x80000000000000001744350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.764{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29f64bd383602052022-02-14 08:44:33.764root 11241100x80000000000000001744351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.764{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8571c2fa756a9a142022-02-14 08:44:33.764root 11241100x80000000000000001744352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.764{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c413edba715a37f72022-02-14 08:44:33.764root 11241100x80000000000000001744353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.764{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51c59ea43bf248f2022-02-14 08:44:33.764root 11241100x80000000000000001744354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.765{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83311b72577fe8972022-02-14 08:44:33.765root 11241100x80000000000000001744355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.765{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b3daf10d4b8b1f2022-02-14 08:44:33.765root 11241100x80000000000000001744356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.765{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4272c95a2b4e0cd02022-02-14 08:44:33.765root 11241100x80000000000000001744357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.765{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad91c07f02d47592022-02-14 08:44:33.765root 11241100x80000000000000001744358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.765{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f45ad03a5c3db242022-02-14 08:44:33.765root 11241100x80000000000000001744359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.765{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59179486d9d94a1d2022-02-14 08:44:33.765root 11241100x80000000000000001744360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.765{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3290c3cb716f392022-02-14 08:44:33.765root 11241100x80000000000000001744361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.765{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35933d16403ecce82022-02-14 08:44:33.765root 11241100x80000000000000001744362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.765{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea56d896c932b2c22022-02-14 08:44:33.765root 11241100x80000000000000001744363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.765{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e28dfa950994362022-02-14 08:44:33.765root 11241100x80000000000000001744364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.766{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5043a9faa971212022-02-14 08:44:33.766root 11241100x80000000000000001744365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.766{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236597aa21d079ec2022-02-14 08:44:33.766root 11241100x80000000000000001744366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.766{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d6945495d0242a2022-02-14 08:44:33.766root 11241100x80000000000000001744367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.766{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69769143316ef8212022-02-14 08:44:33.766root 11241100x80000000000000001744368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.766{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3067bf1fc86bd62022-02-14 08:44:33.766root 11241100x80000000000000001744369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.766{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b64ef47116d38e62022-02-14 08:44:33.766root 11241100x80000000000000001744370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.766{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218436e7eaabcae52022-02-14 08:44:33.766root 11241100x80000000000000001744371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.766{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eefd27eefddd90d2022-02-14 08:44:33.766root 11241100x80000000000000001744372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.767{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72a036731139f992022-02-14 08:44:33.767root 11241100x80000000000000001744373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.767{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b0b278aaf5bb552022-02-14 08:44:33.767root 11241100x80000000000000001744374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.767{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb35d311990298f2022-02-14 08:44:33.767root 534500x80000000000000001744375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:33.783{ec2ab09f-1671-620a-6824-148b70550000}1884/bin/psroot 354300x80000000000000001744376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.101{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51490-false10.0.1.12-8000- 11241100x80000000000000001744377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.102{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3752d84828c7d4652022-02-14 08:44:34.102root 11241100x80000000000000001744378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.102{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a575231adc1710172022-02-14 08:44:34.102root 11241100x80000000000000001744379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.102{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc236be74d346b62022-02-14 08:44:34.102root 11241100x80000000000000001744380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.102{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753a06c626b4a14e2022-02-14 08:44:34.102root 11241100x80000000000000001744381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3d3bdf9c96bf6d2022-02-14 08:44:34.103root 11241100x80000000000000001744382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bd72ce3370c3132022-02-14 08:44:34.103root 11241100x80000000000000001744383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50376c0ff7c0f8b2022-02-14 08:44:34.103root 11241100x80000000000000001744384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0aad36039005802022-02-14 08:44:34.103root 11241100x80000000000000001744385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee75d0abb3293f12022-02-14 08:44:34.103root 11241100x80000000000000001744386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e4b825bdb2c3742022-02-14 08:44:34.103root 11241100x80000000000000001744387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ade8425d71806ed2022-02-14 08:44:34.104root 11241100x80000000000000001744388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5204d06462692a2a2022-02-14 08:44:34.104root 11241100x80000000000000001744389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47bf5df9813d4f22022-02-14 08:44:34.104root 11241100x80000000000000001744390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229f74c624ac3a002022-02-14 08:44:34.104root 11241100x80000000000000001744391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888c5c46f03449672022-02-14 08:44:34.104root 11241100x80000000000000001744392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c633f9a47102c4ab2022-02-14 08:44:34.104root 11241100x80000000000000001744393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bbedfb65feb5342022-02-14 08:44:34.104root 11241100x80000000000000001744394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815d65eab35737d62022-02-14 08:44:34.104root 11241100x80000000000000001744395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c7b9d44a2984ea2022-02-14 08:44:34.104root 11241100x80000000000000001744396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9fdf37fd1cd4322022-02-14 08:44:34.105root 11241100x80000000000000001744397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358b4fd81cd3028b2022-02-14 08:44:34.105root 11241100x80000000000000001744398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fb703eaa16741c2022-02-14 08:44:34.105root 11241100x80000000000000001744399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8792a214f15cdc822022-02-14 08:44:34.105root 11241100x80000000000000001744400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c867a20427ccca692022-02-14 08:44:34.106root 11241100x80000000000000001744401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12a5190f435b2402022-02-14 08:44:34.106root 11241100x80000000000000001744402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc971088672bca6c2022-02-14 08:44:34.107root 11241100x80000000000000001744403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcbabec6e0bb98a2022-02-14 08:44:34.107root 11241100x80000000000000001744404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069b97f85e7bb47b2022-02-14 08:44:34.107root 11241100x80000000000000001744405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcf6b1a3230cbd12022-02-14 08:44:34.107root 11241100x80000000000000001744406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894acff0afc52c8e2022-02-14 08:44:34.108root 11241100x80000000000000001744407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ada6777e07561e2022-02-14 08:44:34.108root 11241100x80000000000000001744408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0b3589833b94df2022-02-14 08:44:34.108root 11241100x80000000000000001744409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc17989ff88aff92022-02-14 08:44:34.108root 11241100x80000000000000001744410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63241f46ca0a63482022-02-14 08:44:34.108root 11241100x80000000000000001744411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bb86e9c68863222022-02-14 08:44:34.108root 11241100x80000000000000001744412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326796f4d4d721832022-02-14 08:44:34.108root 11241100x80000000000000001744413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205628ccf3b62aa22022-02-14 08:44:34.108root 11241100x80000000000000001744414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a5c8d4596b5fda2022-02-14 08:44:34.108root 11241100x80000000000000001744415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3102262d68987632022-02-14 08:44:34.108root 11241100x80000000000000001744416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47a67f4377a6cd32022-02-14 08:44:34.109root 11241100x80000000000000001744417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4406c7f4f40a0ec2022-02-14 08:44:34.109root 11241100x80000000000000001744418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634860c658c1f63e2022-02-14 08:44:34.109root 11241100x80000000000000001744419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f01dc7ed7c310d2022-02-14 08:44:34.109root 11241100x80000000000000001744420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c16bf2612685872022-02-14 08:44:34.109root 11241100x80000000000000001744421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a66dfeb8600fac42022-02-14 08:44:34.109root 11241100x80000000000000001744422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d06db87cc37a6742022-02-14 08:44:34.109root 11241100x80000000000000001744423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4f88baf683acb42022-02-14 08:44:34.109root 11241100x80000000000000001744424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37ed12da7582a6b2022-02-14 08:44:34.109root 11241100x80000000000000001744425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8858b633636e6552022-02-14 08:44:34.109root 11241100x80000000000000001744426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcdc7357c197cfe2022-02-14 08:44:34.110root 11241100x80000000000000001744427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b5fe84f9e6a7352022-02-14 08:44:34.110root 11241100x80000000000000001744428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3aa74d579498422022-02-14 08:44:34.110root 11241100x80000000000000001744429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3904ba7fbfb5c7e2022-02-14 08:44:34.110root 11241100x80000000000000001744430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c50ce840e920962022-02-14 08:44:34.110root 11241100x80000000000000001744431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3b813bdc44f0762022-02-14 08:44:34.110root 11241100x80000000000000001744432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1952a05f1d332d82022-02-14 08:44:34.110root 11241100x80000000000000001744433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c526275cf1489a2022-02-14 08:44:34.110root 11241100x80000000000000001744434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee52035f77f242482022-02-14 08:44:34.110root 11241100x80000000000000001744435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0bec2ba5e51c5d2022-02-14 08:44:34.110root 11241100x80000000000000001744436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b82ee7cfa446a0e2022-02-14 08:44:34.110root 11241100x80000000000000001744437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bd01b48f485a942022-02-14 08:44:34.111root 11241100x80000000000000001744438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730b60925e452bee2022-02-14 08:44:34.111root 11241100x80000000000000001744439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9a8e4362cefd0a2022-02-14 08:44:34.111root 11241100x80000000000000001744440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47a90b7044a79b12022-02-14 08:44:34.111root 11241100x80000000000000001744441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270d139e32493cf92022-02-14 08:44:34.111root 11241100x80000000000000001744442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86f098385ee74942022-02-14 08:44:34.111root 11241100x80000000000000001744443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979ff5670a1a27952022-02-14 08:44:34.111root 11241100x80000000000000001744444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b968507e235defd2022-02-14 08:44:34.111root 11241100x80000000000000001744445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb62a31147e20be2022-02-14 08:44:34.111root 11241100x80000000000000001744446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75af9431b22790f02022-02-14 08:44:34.111root 11241100x80000000000000001744447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a542b5b54ac6812022-02-14 08:44:34.111root 11241100x80000000000000001744448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334122111ae4321e2022-02-14 08:44:34.111root 11241100x80000000000000001744449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988a9458ff01f06a2022-02-14 08:44:34.112root 11241100x80000000000000001744450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e02eb1c8421704d2022-02-14 08:44:34.112root 11241100x80000000000000001744451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a59410595bf83b2022-02-14 08:44:34.430root 11241100x80000000000000001744452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf091ef453cb74f2022-02-14 08:44:34.430root 11241100x80000000000000001744453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eadd2c0b8ea89f02022-02-14 08:44:34.430root 11241100x80000000000000001744454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f228cb8807b4232022-02-14 08:44:34.430root 11241100x80000000000000001744455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7024c16149790b402022-02-14 08:44:34.430root 11241100x80000000000000001744456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776ac6d32f44e9e82022-02-14 08:44:34.431root 11241100x80000000000000001744457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29eac7cea3081e52022-02-14 08:44:34.431root 11241100x80000000000000001744458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28366f26799820892022-02-14 08:44:34.431root 11241100x80000000000000001744459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be98a93c5feaeec2022-02-14 08:44:34.431root 11241100x80000000000000001744460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0f5c1b0c66ebda2022-02-14 08:44:34.431root 11241100x80000000000000001744461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1b47e590eca6442022-02-14 08:44:34.431root 11241100x80000000000000001744462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23d90faa63ba19e2022-02-14 08:44:34.431root 11241100x80000000000000001744463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92de22b919cd408a2022-02-14 08:44:34.431root 11241100x80000000000000001744464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf256e5f6164e422022-02-14 08:44:34.431root 11241100x80000000000000001744465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13a7c48d27c87d52022-02-14 08:44:34.431root 11241100x80000000000000001744466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ae2c022e6539e52022-02-14 08:44:34.432root 11241100x80000000000000001744467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb7baa9f5d8d4bd2022-02-14 08:44:34.432root 11241100x80000000000000001744468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4cca70bb2e28142022-02-14 08:44:34.432root 11241100x80000000000000001744469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52725de832ec3ef2022-02-14 08:44:34.432root 11241100x80000000000000001744470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e3bb43d4aebee12022-02-14 08:44:34.432root 11241100x80000000000000001744471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11684167d89d3e812022-02-14 08:44:34.432root 11241100x80000000000000001744472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f7dda2789561c62022-02-14 08:44:34.432root 11241100x80000000000000001744473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ca73eee6b49db72022-02-14 08:44:34.432root 11241100x80000000000000001744474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574cf18fe5e313d82022-02-14 08:44:34.433root 11241100x80000000000000001744475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185fe75001a390be2022-02-14 08:44:34.433root 11241100x80000000000000001744476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a727eebb83a9a9d12022-02-14 08:44:34.433root 11241100x80000000000000001744477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce0d8b60014afbf2022-02-14 08:44:34.433root 11241100x80000000000000001744478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0595a7f22d5f69792022-02-14 08:44:34.434root 11241100x80000000000000001744479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7545f79d7a203ffd2022-02-14 08:44:34.434root 11241100x80000000000000001744480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e55d57168316fb2022-02-14 08:44:34.435root 11241100x80000000000000001744481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74f495eb724cc232022-02-14 08:44:34.435root 11241100x80000000000000001744482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca68ef87d81212b62022-02-14 08:44:34.435root 11241100x80000000000000001744483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721655d25cb5adf92022-02-14 08:44:34.435root 11241100x80000000000000001744484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d55b0a127b4fdcd2022-02-14 08:44:34.435root 11241100x80000000000000001744485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf21d5ca947a0d62022-02-14 08:44:34.435root 11241100x80000000000000001744486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d06e2e185e444dd2022-02-14 08:44:34.436root 11241100x80000000000000001744487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a2fefcec623a3f2022-02-14 08:44:34.437root 11241100x80000000000000001744488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7a59baaaeca6682022-02-14 08:44:34.437root 11241100x80000000000000001744489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8150bc930b8a19542022-02-14 08:44:34.438root 11241100x80000000000000001744490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a171cd665876912022-02-14 08:44:34.438root 11241100x80000000000000001744491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cbbd93087e62572022-02-14 08:44:34.439root 11241100x80000000000000001744492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358b9f25b3bb8e7d2022-02-14 08:44:34.439root 11241100x80000000000000001744493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623c5785122155cc2022-02-14 08:44:34.439root 11241100x80000000000000001744494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f88a152294d1f332022-02-14 08:44:34.439root 11241100x80000000000000001744495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8978379c55f55842022-02-14 08:44:34.439root 11241100x80000000000000001744496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a9759e7d557e3d2022-02-14 08:44:34.439root 11241100x80000000000000001744497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec451ab6d8116d92022-02-14 08:44:34.439root 11241100x80000000000000001744498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e6d9ffe90be77e2022-02-14 08:44:34.440root 11241100x80000000000000001744499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612070d648532c142022-02-14 08:44:34.440root 11241100x80000000000000001744500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef915979b990fe72022-02-14 08:44:34.440root 11241100x80000000000000001744501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0fb6776cdc03362022-02-14 08:44:34.441root 11241100x80000000000000001744502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29074a1d70fdc4b72022-02-14 08:44:34.442root 11241100x80000000000000001744503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8947fa60e041a0a92022-02-14 08:44:34.442root 11241100x80000000000000001744504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a79d169629f2602022-02-14 08:44:34.442root 11241100x80000000000000001744505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0c9b08d850329c2022-02-14 08:44:34.442root 11241100x80000000000000001744506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d0841de6fa72d12022-02-14 08:44:34.442root 11241100x80000000000000001744507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0506108f7ef033bc2022-02-14 08:44:34.443root 11241100x80000000000000001744508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f72c303c7510f52022-02-14 08:44:34.443root 11241100x80000000000000001744509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.443{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7745a11ae6855e2022-02-14 08:44:34.443root 11241100x80000000000000001744510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.444{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28e45d7bba0c2722022-02-14 08:44:34.444root 11241100x80000000000000001744511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.444{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069a4d0ecb66eab92022-02-14 08:44:34.444root 11241100x80000000000000001744512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.444{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e739821c7e5b8b2022-02-14 08:44:34.444root 11241100x80000000000000001744513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.444{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a23bcbbfbf3d512022-02-14 08:44:34.444root 11241100x80000000000000001744514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.444{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b35b52251775be32022-02-14 08:44:34.444root 11241100x80000000000000001744515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04057172299929b2022-02-14 08:44:34.445root 11241100x80000000000000001744516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918e6a2a5f01953b2022-02-14 08:44:34.445root 11241100x80000000000000001744517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d22581d62b2cdb2022-02-14 08:44:34.445root 11241100x80000000000000001744518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.445{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4e8b2a756d093f2022-02-14 08:44:34.445root 11241100x80000000000000001744519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.446{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ff11d0f7d2d1542022-02-14 08:44:34.446root 11241100x80000000000000001744520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.446{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e2e09d32e02aaf2022-02-14 08:44:34.446root 11241100x80000000000000001744521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.446{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788081350614d6962022-02-14 08:44:34.446root 11241100x80000000000000001744522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.446{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3357b2263e1a9a5b2022-02-14 08:44:34.446root 11241100x80000000000000001744523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.447{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5088f36110a55f2022-02-14 08:44:34.447root 11241100x80000000000000001744524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.447{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba6727211b31cb42022-02-14 08:44:34.447root 11241100x80000000000000001744525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.447{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb42a97f0529030b2022-02-14 08:44:34.447root 11241100x80000000000000001744526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.447{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce3c6ba65b897352022-02-14 08:44:34.447root 11241100x80000000000000001744527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.448{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad533f5c65ca6d6a2022-02-14 08:44:34.448root 11241100x80000000000000001744528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.448{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b18e58ad94c2ad2022-02-14 08:44:34.448root 11241100x80000000000000001744529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7aa806859c483282022-02-14 08:44:34.929root 11241100x80000000000000001744530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f7c270148e2bdd2022-02-14 08:44:34.930root 11241100x80000000000000001744531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2183f5ec05298bad2022-02-14 08:44:34.930root 11241100x80000000000000001744532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6879701f8ded7d2022-02-14 08:44:34.930root 11241100x80000000000000001744533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5a0169d3d6f2d62022-02-14 08:44:34.931root 11241100x80000000000000001744534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cff1aa168142bd2022-02-14 08:44:34.931root 11241100x80000000000000001744535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9f0e2f1478339f2022-02-14 08:44:34.931root 11241100x80000000000000001744536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5397f789246fe9352022-02-14 08:44:34.931root 11241100x80000000000000001744537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1f7f4a46eaa8002022-02-14 08:44:34.931root 11241100x80000000000000001744538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3f7ecbb0acc3612022-02-14 08:44:34.931root 11241100x80000000000000001744539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa21ec56c6ef985e2022-02-14 08:44:34.931root 11241100x80000000000000001744540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c618dc43c95d9c2022-02-14 08:44:34.931root 11241100x80000000000000001744541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6241bcd9a68a63c92022-02-14 08:44:34.932root 11241100x80000000000000001744542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4aecf7218d3c032022-02-14 08:44:34.932root 11241100x80000000000000001744543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fafd57418d9bb22022-02-14 08:44:34.932root 11241100x80000000000000001744544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd45e5373bca89f72022-02-14 08:44:34.932root 11241100x80000000000000001744545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6170935c9a539002022-02-14 08:44:34.932root 11241100x80000000000000001744546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8363f747a69622fd2022-02-14 08:44:34.932root 11241100x80000000000000001744547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4144211dc601fe9a2022-02-14 08:44:34.932root 11241100x80000000000000001744548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4033370173e951312022-02-14 08:44:34.932root 11241100x80000000000000001744549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8989b7ea684d1cdf2022-02-14 08:44:34.933root 11241100x80000000000000001744550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6064a7b29bbf74c2022-02-14 08:44:34.933root 11241100x80000000000000001744551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b5b1ca773712f72022-02-14 08:44:34.933root 11241100x80000000000000001744552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a92d008e02216df2022-02-14 08:44:34.933root 11241100x80000000000000001744553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f69f8d4d9cdeae2022-02-14 08:44:34.933root 11241100x80000000000000001744554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2520206a9dc4d222022-02-14 08:44:34.933root 11241100x80000000000000001744555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d7c4a20665f6bf2022-02-14 08:44:34.933root 11241100x80000000000000001744556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d65dd678ab6b3062022-02-14 08:44:34.933root 11241100x80000000000000001744557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2a30f4cf15fe8c2022-02-14 08:44:34.933root 11241100x80000000000000001744558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7459423e42f01d8b2022-02-14 08:44:34.933root 11241100x80000000000000001744559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538ef92dae9126fc2022-02-14 08:44:34.934root 11241100x80000000000000001744560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14738234924e8aa2022-02-14 08:44:34.934root 11241100x80000000000000001744561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adff57569b42ff582022-02-14 08:44:34.934root 11241100x80000000000000001744562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca4f691437d9b2e2022-02-14 08:44:34.934root 11241100x80000000000000001744563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a094c141cd799fb2022-02-14 08:44:34.934root 11241100x80000000000000001744564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9b0071bc31a3182022-02-14 08:44:34.934root 11241100x80000000000000001744565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d948d9db686d72852022-02-14 08:44:34.934root 11241100x80000000000000001744566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79655180ae1140b52022-02-14 08:44:34.934root 11241100x80000000000000001744567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58947eadcf632e22022-02-14 08:44:34.934root 11241100x80000000000000001744568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80876cb4eb0ee6c2022-02-14 08:44:34.934root 11241100x80000000000000001744569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4275c08e6e52b1522022-02-14 08:44:34.935root 11241100x80000000000000001744570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d4faa5860ffb402022-02-14 08:44:34.935root 11241100x80000000000000001744571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a009074120fd7032022-02-14 08:44:34.935root 11241100x80000000000000001744572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30002b851ba05a532022-02-14 08:44:34.935root 11241100x80000000000000001744573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6177bd83f00de82022-02-14 08:44:34.935root 11241100x80000000000000001744574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110ba110c13a1dfb2022-02-14 08:44:34.935root 11241100x80000000000000001744575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fd19496f2292792022-02-14 08:44:34.935root 11241100x80000000000000001744576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b5fd3ccfebbfcb2022-02-14 08:44:34.935root 11241100x80000000000000001744577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d16f7c8176774882022-02-14 08:44:34.936root 11241100x80000000000000001744578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b85ed1e78f25e82022-02-14 08:44:34.936root 11241100x80000000000000001744579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f94f5285ec39292022-02-14 08:44:34.937root 11241100x80000000000000001744580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48c71e69846a3b82022-02-14 08:44:34.937root 11241100x80000000000000001744581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fa5d5cdefc44982022-02-14 08:44:34.937root 11241100x80000000000000001744582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbea612d5c316d62022-02-14 08:44:34.937root 11241100x80000000000000001744583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf434ee8ec4dc8192022-02-14 08:44:34.938root 11241100x80000000000000001744584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f97390108a0755c2022-02-14 08:44:34.939root 11241100x80000000000000001744585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b5ff9bf87be7bf2022-02-14 08:44:34.939root 11241100x80000000000000001744586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:34.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a43def56bd161272022-02-14 08:44:34.939root 11241100x80000000000000001744587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd2147aca36ed622022-02-14 08:44:35.430root 11241100x80000000000000001744588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd71357425baa21b2022-02-14 08:44:35.430root 11241100x80000000000000001744589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce8be44003231ff2022-02-14 08:44:35.430root 11241100x80000000000000001744590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383a83d47655fa612022-02-14 08:44:35.430root 11241100x80000000000000001744591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3839538dbe3385db2022-02-14 08:44:35.430root 11241100x80000000000000001744592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fba9961bed3ca92022-02-14 08:44:35.430root 11241100x80000000000000001744593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fa0eb53d0365182022-02-14 08:44:35.430root 11241100x80000000000000001744594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceeed92064493d6e2022-02-14 08:44:35.430root 11241100x80000000000000001744595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0875a75ee8d2c9322022-02-14 08:44:35.430root 11241100x80000000000000001744596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eddb5808298f92a2022-02-14 08:44:35.430root 11241100x80000000000000001744597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b916a0e5ea1afb062022-02-14 08:44:35.430root 11241100x80000000000000001744598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fac135d4a7f47712022-02-14 08:44:35.430root 11241100x80000000000000001744599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e7f4c679602c492022-02-14 08:44:35.431root 11241100x80000000000000001744600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5caa4d6caf739bd2022-02-14 08:44:35.431root 11241100x80000000000000001744601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509c9616a8674e8d2022-02-14 08:44:35.431root 11241100x80000000000000001744602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f435c61e63a76d12022-02-14 08:44:35.431root 11241100x80000000000000001744603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86f2281a1ce2df22022-02-14 08:44:35.431root 11241100x80000000000000001744604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83074d322281811e2022-02-14 08:44:35.431root 11241100x80000000000000001744605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc12d33e181ed7c2022-02-14 08:44:35.431root 11241100x80000000000000001744606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799ac0c13a4e78372022-02-14 08:44:35.431root 11241100x80000000000000001744607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfacc4806c8b7e3f2022-02-14 08:44:35.431root 11241100x80000000000000001744608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1816fbac0ba6e7672022-02-14 08:44:35.431root 11241100x80000000000000001744609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4d362ae17d22e32022-02-14 08:44:35.431root 11241100x80000000000000001744610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f00c82338d38a7a2022-02-14 08:44:35.431root 11241100x80000000000000001744611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402fb991003bb6ba2022-02-14 08:44:35.431root 11241100x80000000000000001744612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33a85d8346c1a1e2022-02-14 08:44:35.431root 11241100x80000000000000001744613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4ddd1a56608d0c2022-02-14 08:44:35.432root 11241100x80000000000000001744614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0257497ed632bbed2022-02-14 08:44:35.432root 11241100x80000000000000001744615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1743930d3158bc2022-02-14 08:44:35.432root 11241100x80000000000000001744616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f3abe27d185c762022-02-14 08:44:35.432root 11241100x80000000000000001744617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91299a5eb353a962022-02-14 08:44:35.432root 11241100x80000000000000001744618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50eeedd6dd6a25842022-02-14 08:44:35.432root 11241100x80000000000000001744619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c42cf548b7c02c2022-02-14 08:44:35.432root 11241100x80000000000000001744620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede1b5b340f56cf62022-02-14 08:44:35.432root 11241100x80000000000000001744621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420ca512e44741d42022-02-14 08:44:35.432root 11241100x80000000000000001744622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007f06d2d47bc8a92022-02-14 08:44:35.432root 11241100x80000000000000001744623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a8f40a370b109d2022-02-14 08:44:35.432root 11241100x80000000000000001744624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e849c88b729eee2022-02-14 08:44:35.432root 11241100x80000000000000001744625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727cf0a1189813492022-02-14 08:44:35.432root 11241100x80000000000000001744626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275af2b1b9d4c98f2022-02-14 08:44:35.432root 11241100x80000000000000001744627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02439d236dd07232022-02-14 08:44:35.432root 11241100x80000000000000001744628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba8ca5c7b7f248a2022-02-14 08:44:35.433root 11241100x80000000000000001744629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d53fbd5ed178a642022-02-14 08:44:35.433root 11241100x80000000000000001744630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d925ce4eb2a348562022-02-14 08:44:35.433root 11241100x80000000000000001744631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208b562dc662f0302022-02-14 08:44:35.433root 11241100x80000000000000001744632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9bd87c608d41bd2022-02-14 08:44:35.433root 11241100x80000000000000001744633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f2a827f580671f2022-02-14 08:44:35.433root 11241100x80000000000000001744634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd8526db4a3583c2022-02-14 08:44:35.433root 11241100x80000000000000001744635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6ed5eb97fc46f52022-02-14 08:44:35.433root 11241100x80000000000000001744636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4291d9b9bf3064ed2022-02-14 08:44:35.433root 11241100x80000000000000001744637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558ed25bc375cd742022-02-14 08:44:35.433root 11241100x80000000000000001744638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35247e5fcb143cae2022-02-14 08:44:35.433root 11241100x80000000000000001744639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61df014abff9b3282022-02-14 08:44:35.433root 11241100x80000000000000001744640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13898a9046901622022-02-14 08:44:35.433root 11241100x80000000000000001744641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c60f43c4bb28d452022-02-14 08:44:35.435root 11241100x80000000000000001744642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eadd82d48cf3ba12022-02-14 08:44:35.435root 11241100x80000000000000001744643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424d199298df9e472022-02-14 08:44:35.436root 11241100x80000000000000001744644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a31148125674c62022-02-14 08:44:35.436root 11241100x80000000000000001744645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c324d3784f5556422022-02-14 08:44:35.436root 11241100x80000000000000001744646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ca381405f4377e2022-02-14 08:44:35.436root 11241100x80000000000000001744647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5cb07cfe5da2d82022-02-14 08:44:35.436root 11241100x80000000000000001744648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed847cca0a654e802022-02-14 08:44:35.436root 11241100x80000000000000001744649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8883377fa601ceb02022-02-14 08:44:35.436root 11241100x80000000000000001744650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783921f5062f34162022-02-14 08:44:35.436root 11241100x80000000000000001744651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a57903dbad87022022-02-14 08:44:35.436root 11241100x80000000000000001744652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50be090eaadc3db22022-02-14 08:44:35.436root 11241100x80000000000000001744653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308187d88790b4ae2022-02-14 08:44:35.436root 11241100x80000000000000001744654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9c37389b5bc22f2022-02-14 08:44:35.436root 11241100x80000000000000001744655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59531a9315a440c22022-02-14 08:44:35.437root 11241100x80000000000000001744656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439382704eb3001a2022-02-14 08:44:35.437root 11241100x80000000000000001744657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95883cd45ecc4de62022-02-14 08:44:35.437root 11241100x80000000000000001744658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0434f4d931d313c2022-02-14 08:44:35.437root 11241100x80000000000000001744659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755651cdeb0408c02022-02-14 08:44:35.437root 11241100x80000000000000001744660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3505cc072f6691d2022-02-14 08:44:35.437root 11241100x80000000000000001744661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ddf7022bbeed812022-02-14 08:44:35.437root 11241100x80000000000000001744662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b830a5adeda9682022-02-14 08:44:35.437root 11241100x80000000000000001744663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1867aa97d335b332022-02-14 08:44:35.437root 11241100x80000000000000001744664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba2a77f69ba48902022-02-14 08:44:35.437root 11241100x80000000000000001744665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea0ba5f03c91fb02022-02-14 08:44:35.437root 11241100x80000000000000001744666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587f2fdd048dd7262022-02-14 08:44:35.438root 11241100x80000000000000001744667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8845610bbc3d3e2022-02-14 08:44:35.438root 11241100x80000000000000001744668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad053d9839f2f25b2022-02-14 08:44:35.438root 11241100x80000000000000001744669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d25fd6091d1e4f2022-02-14 08:44:35.438root 11241100x80000000000000001744670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe37a2d6e6b65972022-02-14 08:44:35.439root 11241100x80000000000000001744671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9cc1afdd2f3ba82022-02-14 08:44:35.439root 11241100x80000000000000001744672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc03db496c8f41fb2022-02-14 08:44:35.439root 11241100x80000000000000001744673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b4c469348d5f122022-02-14 08:44:35.440root 11241100x80000000000000001744674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7479c10ae6adf46a2022-02-14 08:44:35.930root 11241100x80000000000000001744675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adac8fe5ca2d95cb2022-02-14 08:44:35.930root 11241100x80000000000000001744676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9ae780cd1105f42022-02-14 08:44:35.930root 11241100x80000000000000001744677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4001a5b99efef222022-02-14 08:44:35.930root 11241100x80000000000000001744678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437c05c1f7f41ca32022-02-14 08:44:35.930root 11241100x80000000000000001744679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3ebf8d21fd1fd92022-02-14 08:44:35.930root 11241100x80000000000000001744680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e03a7d2431059612022-02-14 08:44:35.930root 11241100x80000000000000001744681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828700c284f36d092022-02-14 08:44:35.931root 11241100x80000000000000001744682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4345f812400a2ff2022-02-14 08:44:35.931root 11241100x80000000000000001744683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfe8a9696b4f3372022-02-14 08:44:35.931root 11241100x80000000000000001744684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac7448de37a22d42022-02-14 08:44:35.931root 11241100x80000000000000001744685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ef9acb0146de292022-02-14 08:44:35.931root 11241100x80000000000000001744686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5982a4ebaa9f4c2022-02-14 08:44:35.931root 11241100x80000000000000001744687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d23c705d0f08f1a2022-02-14 08:44:35.931root 11241100x80000000000000001744688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c057c82dece24b902022-02-14 08:44:35.931root 11241100x80000000000000001744689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7bb0140b483f152022-02-14 08:44:35.931root 11241100x80000000000000001744690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71058fbfd76272152022-02-14 08:44:35.931root 11241100x80000000000000001744691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9abd34a3e7ad752022-02-14 08:44:35.931root 11241100x80000000000000001744692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cf59bdd163afc92022-02-14 08:44:35.931root 11241100x80000000000000001744693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd91416d840d5f42022-02-14 08:44:35.932root 11241100x80000000000000001744694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1da97f0eddcb5e2022-02-14 08:44:35.932root 11241100x80000000000000001744695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422e1a44d5e939d02022-02-14 08:44:35.932root 11241100x80000000000000001744696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3464728e23b9a42022-02-14 08:44:35.932root 11241100x80000000000000001744697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23e9f981c2514292022-02-14 08:44:35.932root 11241100x80000000000000001744698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a709ffddac456c2022-02-14 08:44:35.932root 11241100x80000000000000001744699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45360928280d66c82022-02-14 08:44:35.932root 11241100x80000000000000001744700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6023e42972da49a52022-02-14 08:44:35.932root 11241100x80000000000000001744701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae2f1d42425b2a12022-02-14 08:44:35.932root 11241100x80000000000000001744702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bcffeec880975a2022-02-14 08:44:35.932root 11241100x80000000000000001744703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5b5e151a633fee2022-02-14 08:44:35.932root 11241100x80000000000000001744704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1b07d2a8c543382022-02-14 08:44:35.932root 11241100x80000000000000001744705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e2c067f02d529f2022-02-14 08:44:35.932root 11241100x80000000000000001744706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a412775476e4a5fe2022-02-14 08:44:35.932root 11241100x80000000000000001744707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee17023b7525e7a2022-02-14 08:44:35.932root 11241100x80000000000000001744708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67238feb62eb8102022-02-14 08:44:35.933root 11241100x80000000000000001744709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0d6a51d4ba56fc2022-02-14 08:44:35.933root 11241100x80000000000000001744710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f51faf8ead4a672022-02-14 08:44:35.933root 11241100x80000000000000001744711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dc3c09f5ee5ffe2022-02-14 08:44:35.933root 11241100x80000000000000001744712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da8faaf49db563e2022-02-14 08:44:35.933root 11241100x80000000000000001744713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9ffdfe692c24872022-02-14 08:44:35.933root 11241100x80000000000000001744714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378d5057881695732022-02-14 08:44:35.935root 11241100x80000000000000001744715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987f6c855226aa122022-02-14 08:44:35.935root 11241100x80000000000000001744716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324357be4f0015fa2022-02-14 08:44:35.935root 11241100x80000000000000001744717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b171918ce751b22022-02-14 08:44:35.935root 11241100x80000000000000001744718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885b5e9803bdea732022-02-14 08:44:35.935root 11241100x80000000000000001744719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996605775d879e952022-02-14 08:44:35.935root 11241100x80000000000000001744720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fc45425225367a2022-02-14 08:44:35.935root 11241100x80000000000000001744721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1a3083962eda632022-02-14 08:44:35.935root 11241100x80000000000000001744722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2960b1362c0802912022-02-14 08:44:35.936root 11241100x80000000000000001744723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b404a03a1a07752022-02-14 08:44:35.936root 11241100x80000000000000001744724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9ea92137b04baf2022-02-14 08:44:35.936root 11241100x80000000000000001744725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbcb78b2351cb1e2022-02-14 08:44:35.936root 11241100x80000000000000001744726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab02a6bffc5f0902022-02-14 08:44:35.937root 11241100x80000000000000001744727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7e24018651e7aa2022-02-14 08:44:35.937root 11241100x80000000000000001744728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b53fa6968980532022-02-14 08:44:35.937root 11241100x80000000000000001744729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7aa7603b0c83262022-02-14 08:44:35.937root 11241100x80000000000000001744730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3f2acec4ab36202022-02-14 08:44:35.937root 11241100x80000000000000001744731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a20c1335b369e882022-02-14 08:44:35.937root 11241100x80000000000000001744732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4c4df78da519de2022-02-14 08:44:35.938root 11241100x80000000000000001744733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022f71030a9f65152022-02-14 08:44:35.938root 11241100x80000000000000001744734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d199f9b6d4df9dc2022-02-14 08:44:35.938root 11241100x80000000000000001744735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f23f215ed392e9b2022-02-14 08:44:35.938root 11241100x80000000000000001744736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465e928f22f6f3552022-02-14 08:44:35.938root 11241100x80000000000000001744737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a5a71517a574ae2022-02-14 08:44:35.938root 11241100x80000000000000001744738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8209927996866f0a2022-02-14 08:44:35.939root 11241100x80000000000000001744739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a5f14a601d7a3b2022-02-14 08:44:35.939root 11241100x80000000000000001744740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dec0fc950134fb42022-02-14 08:44:35.939root 11241100x80000000000000001744741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643fb3b314917eda2022-02-14 08:44:35.940root 11241100x80000000000000001744742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a3fb8a8bac02c92022-02-14 08:44:35.940root 11241100x80000000000000001744743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28afc4e762e891832022-02-14 08:44:35.940root 11241100x80000000000000001744744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c715d6ea926cd4d12022-02-14 08:44:35.940root 11241100x80000000000000001744745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60793738d84e5a072022-02-14 08:44:35.940root 11241100x80000000000000001744746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6131ae21af6db0cd2022-02-14 08:44:35.940root 11241100x80000000000000001744747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5c5ce4bb1c45e02022-02-14 08:44:35.941root 11241100x80000000000000001744748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1693ef2d0e9eb8f42022-02-14 08:44:35.941root 11241100x80000000000000001744749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd945bc1a82382d2022-02-14 08:44:35.941root 11241100x80000000000000001744750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c70b87ca3060b42022-02-14 08:44:35.941root 11241100x80000000000000001744751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34830c3f6e401172022-02-14 08:44:35.941root 11241100x80000000000000001744752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51853d50cfdbb2f2022-02-14 08:44:35.941root 11241100x80000000000000001744753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb42f02bfd3d60d22022-02-14 08:44:35.941root 11241100x80000000000000001744754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.942{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750221b863e17fa72022-02-14 08:44:35.942root 11241100x80000000000000001744755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:35.942{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ac58dc0f49669f2022-02-14 08:44:35.942root 11241100x80000000000000001744756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d34d67fdb08eae2022-02-14 08:44:36.429root 11241100x80000000000000001744757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fe4bedb065eb632022-02-14 08:44:36.430root 11241100x80000000000000001744758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ab33428c1bb4aa2022-02-14 08:44:36.430root 11241100x80000000000000001744759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d72661dbe5f11d62022-02-14 08:44:36.430root 11241100x80000000000000001744760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9857fea05fe8e172022-02-14 08:44:36.431root 11241100x80000000000000001744761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90d8c5530e3b2be2022-02-14 08:44:36.431root 11241100x80000000000000001744762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd75d6798cf58fe42022-02-14 08:44:36.431root 11241100x80000000000000001744763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0992c3664ce6ed982022-02-14 08:44:36.431root 11241100x80000000000000001744764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f34de34a0cea832022-02-14 08:44:36.432root 11241100x80000000000000001744765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0d6d7cad950cb32022-02-14 08:44:36.432root 11241100x80000000000000001744766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63112474341e5b22022-02-14 08:44:36.432root 11241100x80000000000000001744767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f28d2a3b7258cb2022-02-14 08:44:36.432root 11241100x80000000000000001744768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca32bfad2a18fc332022-02-14 08:44:36.433root 11241100x80000000000000001744769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0837e7c07dd6b7002022-02-14 08:44:36.433root 11241100x80000000000000001744770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18a74d69d5de71b2022-02-14 08:44:36.433root 11241100x80000000000000001744771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaca3c8fa2d52972022-02-14 08:44:36.433root 11241100x80000000000000001744772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77569e3e1a5904e52022-02-14 08:44:36.434root 11241100x80000000000000001744773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b1b32fc494bbd32022-02-14 08:44:36.434root 11241100x80000000000000001744774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d73dd0ab94ca442022-02-14 08:44:36.434root 11241100x80000000000000001744775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf794ed18dd03be2022-02-14 08:44:36.434root 11241100x80000000000000001744776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064ac6aa80eabe5b2022-02-14 08:44:36.435root 11241100x80000000000000001744777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b79a6fb20cbd312022-02-14 08:44:36.435root 11241100x80000000000000001744778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb3faa59b740f352022-02-14 08:44:36.435root 11241100x80000000000000001744779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432705d5d0e01e352022-02-14 08:44:36.435root 11241100x80000000000000001744780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8eae8a7e63f94682022-02-14 08:44:36.435root 11241100x80000000000000001744781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b48f910621d9cc92022-02-14 08:44:36.436root 11241100x80000000000000001744782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbeac636434f9eb2022-02-14 08:44:36.436root 11241100x80000000000000001744783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439cd9b74618b47d2022-02-14 08:44:36.436root 11241100x80000000000000001744784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee6932c7a537e3d2022-02-14 08:44:36.436root 11241100x80000000000000001744785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0571c7e01d3dfd702022-02-14 08:44:36.436root 11241100x80000000000000001744786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c8a0fc4d9d9a892022-02-14 08:44:36.436root 11241100x80000000000000001744787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea46675f4ae02b3a2022-02-14 08:44:36.436root 11241100x80000000000000001744788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8222eb02370227c72022-02-14 08:44:36.436root 11241100x80000000000000001744789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e864f54cbba64f2022-02-14 08:44:36.436root 11241100x80000000000000001744790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91929a07e8d4c3132022-02-14 08:44:36.436root 11241100x80000000000000001744791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ef071cc7b48f022022-02-14 08:44:36.436root 11241100x80000000000000001744792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35599a493a61c4c2022-02-14 08:44:36.437root 11241100x80000000000000001744793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5edf1577da1e2ca2022-02-14 08:44:36.437root 11241100x80000000000000001744794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ab3f9a8ea1be272022-02-14 08:44:36.437root 11241100x80000000000000001744795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b153d79e8f824c62022-02-14 08:44:36.437root 11241100x80000000000000001744796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf08f43263fe86632022-02-14 08:44:36.437root 11241100x80000000000000001744797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeaea8add0a23dff2022-02-14 08:44:36.437root 11241100x80000000000000001744798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b167e705bb6fa412022-02-14 08:44:36.437root 11241100x80000000000000001744799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2962de4642d4c7012022-02-14 08:44:36.437root 11241100x80000000000000001744800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1aca9957c4b68a2022-02-14 08:44:36.437root 11241100x80000000000000001744801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e15697cfc797b912022-02-14 08:44:36.437root 11241100x80000000000000001744802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ad2873a683e9832022-02-14 08:44:36.438root 11241100x80000000000000001744803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ac6a88bd1425fa2022-02-14 08:44:36.438root 11241100x80000000000000001744804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d82409fa570dab2022-02-14 08:44:36.438root 11241100x80000000000000001744805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbe40f784111d9c2022-02-14 08:44:36.438root 11241100x80000000000000001744806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2529c49ed50714f12022-02-14 08:44:36.438root 11241100x80000000000000001744807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ebc5721ba317962022-02-14 08:44:36.438root 11241100x80000000000000001744808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ae53cfae94051e2022-02-14 08:44:36.438root 11241100x80000000000000001744809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c312e6e600d855442022-02-14 08:44:36.438root 11241100x80000000000000001744810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b300d2def0c7afbd2022-02-14 08:44:36.438root 11241100x80000000000000001744811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40acb310191594602022-02-14 08:44:36.438root 11241100x80000000000000001744812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0962dc563d278f952022-02-14 08:44:36.438root 11241100x80000000000000001744813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb88065981ba30ab2022-02-14 08:44:36.439root 11241100x80000000000000001744814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7ea3205effb4452022-02-14 08:44:36.439root 11241100x80000000000000001744815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e703b74c2d5c15582022-02-14 08:44:36.439root 11241100x80000000000000001744816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8becc1004d27dc512022-02-14 08:44:36.439root 11241100x80000000000000001744817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884deeaaed651eb12022-02-14 08:44:36.439root 11241100x80000000000000001744818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa60febf965e48a92022-02-14 08:44:36.439root 11241100x80000000000000001744819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f71641244d6d4f62022-02-14 08:44:36.930root 11241100x80000000000000001744820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc264a0885e7b4a2022-02-14 08:44:36.931root 11241100x80000000000000001744821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807af2c03b3f5a372022-02-14 08:44:36.931root 11241100x80000000000000001744822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d2d8ef7b36860a2022-02-14 08:44:36.931root 11241100x80000000000000001744823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fca502673a00d632022-02-14 08:44:36.931root 11241100x80000000000000001744824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc86627c8e6b5e342022-02-14 08:44:36.931root 11241100x80000000000000001744825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71dc6b99bad271f12022-02-14 08:44:36.931root 11241100x80000000000000001744826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aff08abd7e64f072022-02-14 08:44:36.931root 11241100x80000000000000001744827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132bcd19f6d799412022-02-14 08:44:36.931root 11241100x80000000000000001744828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c55b6436967a0702022-02-14 08:44:36.931root 11241100x80000000000000001744829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8b87ed329e422b2022-02-14 08:44:36.932root 11241100x80000000000000001744830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69e6a5331f4117f2022-02-14 08:44:36.932root 11241100x80000000000000001744831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3327f471b6c49cc32022-02-14 08:44:36.932root 11241100x80000000000000001744832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4212d7f3d3a3842022-02-14 08:44:36.932root 11241100x80000000000000001744833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41d73a5655f38892022-02-14 08:44:36.934root 11241100x80000000000000001744834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd9f5836933bf782022-02-14 08:44:36.934root 11241100x80000000000000001744835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298668b6fb48f0c82022-02-14 08:44:36.934root 11241100x80000000000000001744836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d92bd33408864b22022-02-14 08:44:36.934root 11241100x80000000000000001744837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8888b379eb3b41e2022-02-14 08:44:36.934root 11241100x80000000000000001744838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d938dfeb371aa44a2022-02-14 08:44:36.934root 11241100x80000000000000001744839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e4c533600017ee2022-02-14 08:44:36.934root 11241100x80000000000000001744840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7f2fc9678cfb2b2022-02-14 08:44:36.934root 11241100x80000000000000001744841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c09d7c7a5fb5782022-02-14 08:44:36.934root 11241100x80000000000000001744842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a42da1b8b5b8dee2022-02-14 08:44:36.934root 11241100x80000000000000001744843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec53f8662fa38e02022-02-14 08:44:36.934root 11241100x80000000000000001744844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432911b054c0075b2022-02-14 08:44:36.935root 11241100x80000000000000001744845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49ca697ea154ab42022-02-14 08:44:36.935root 11241100x80000000000000001744846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b504044fe7d38e222022-02-14 08:44:36.935root 11241100x80000000000000001744847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2307cfb5ba37fc2022-02-14 08:44:36.935root 11241100x80000000000000001744848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4bb200780a0f5d2022-02-14 08:44:36.935root 11241100x80000000000000001744849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32db8d803b01d2582022-02-14 08:44:36.935root 11241100x80000000000000001744850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fe6d87b3050b422022-02-14 08:44:36.935root 11241100x80000000000000001744851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4f07b8ade9f6aa2022-02-14 08:44:36.935root 11241100x80000000000000001744852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8f52b49c620dac2022-02-14 08:44:36.936root 11241100x80000000000000001744853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7f3b89b1f6dcd82022-02-14 08:44:36.936root 11241100x80000000000000001744854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b238c299bfd8f202022-02-14 08:44:36.936root 11241100x80000000000000001744855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4d43bcba140e102022-02-14 08:44:36.936root 11241100x80000000000000001744856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3cf7d7ef4c05082022-02-14 08:44:36.936root 11241100x80000000000000001744857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5b98e53ec5eaa92022-02-14 08:44:36.936root 11241100x80000000000000001744858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e1520d658450142022-02-14 08:44:36.936root 11241100x80000000000000001744859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2ab5221e0308b92022-02-14 08:44:36.936root 11241100x80000000000000001744860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe993254ede627a2022-02-14 08:44:36.936root 11241100x80000000000000001744861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c55763c19cbff62022-02-14 08:44:36.937root 11241100x80000000000000001744862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babaf8f620dcdbf92022-02-14 08:44:36.937root 11241100x80000000000000001744863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9676de505f026e6c2022-02-14 08:44:36.937root 11241100x80000000000000001744864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe5b50d21ec37412022-02-14 08:44:36.937root 11241100x80000000000000001744865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15781cb9640d4d122022-02-14 08:44:36.937root 11241100x80000000000000001744866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23720f2a60f2d022022-02-14 08:44:36.937root 11241100x80000000000000001744867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f665b96d0b6617a2022-02-14 08:44:36.937root 11241100x80000000000000001744868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6136b3edcb3f72d2022-02-14 08:44:36.937root 11241100x80000000000000001744869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a625e6691e5ca652022-02-14 08:44:36.938root 11241100x80000000000000001744870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7781e4c20a1a362e2022-02-14 08:44:36.938root 11241100x80000000000000001744871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16074e63e654123c2022-02-14 08:44:36.938root 11241100x80000000000000001744872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edf6c6c7eace8c42022-02-14 08:44:36.938root 11241100x80000000000000001744873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9708e301033e468a2022-02-14 08:44:36.938root 11241100x80000000000000001744874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:36.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fa9621d1000cc92022-02-14 08:44:36.938root 11241100x80000000000000001744875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81627fe44e4fc6342022-02-14 08:44:37.430root 11241100x80000000000000001744876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfcaae20a9c57d42022-02-14 08:44:37.430root 11241100x80000000000000001744877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7ea078da3dc6482022-02-14 08:44:37.430root 11241100x80000000000000001744878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096af4d7682b84252022-02-14 08:44:37.430root 11241100x80000000000000001744879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cf0e9d622e9e112022-02-14 08:44:37.430root 11241100x80000000000000001744880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0981e04895d7ab2022-02-14 08:44:37.430root 11241100x80000000000000001744881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fc196c67442cd02022-02-14 08:44:37.430root 11241100x80000000000000001744882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3075bb748eb734d92022-02-14 08:44:37.430root 11241100x80000000000000001744883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ba40bc3a16e4792022-02-14 08:44:37.430root 11241100x80000000000000001744884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72512db3a166896d2022-02-14 08:44:37.430root 11241100x80000000000000001744885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e98f355c0c93aa2022-02-14 08:44:37.430root 11241100x80000000000000001744886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156b6a3be84f51442022-02-14 08:44:37.430root 11241100x80000000000000001744887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad1d3fc7aaa81182022-02-14 08:44:37.430root 11241100x80000000000000001744888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdb1d13c00df05f2022-02-14 08:44:37.431root 11241100x80000000000000001744889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354e487be3bff9482022-02-14 08:44:37.431root 11241100x80000000000000001744890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a36b0ff47707ae2022-02-14 08:44:37.431root 11241100x80000000000000001744891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e9e4a4453ceff02022-02-14 08:44:37.431root 11241100x80000000000000001744892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993233900fd0c1342022-02-14 08:44:37.431root 11241100x80000000000000001744893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1dc625948790872022-02-14 08:44:37.431root 11241100x80000000000000001744894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9fac5e7c86e93c2022-02-14 08:44:37.431root 11241100x80000000000000001744895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e762610cb69ec52022-02-14 08:44:37.431root 11241100x80000000000000001744896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418cff6eae624d342022-02-14 08:44:37.431root 11241100x80000000000000001744897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecb7143018f33492022-02-14 08:44:37.431root 11241100x80000000000000001744898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e8cc751f359bdc2022-02-14 08:44:37.431root 11241100x80000000000000001744899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0b4c0426918ce52022-02-14 08:44:37.431root 11241100x80000000000000001744900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d041e1b090c177422022-02-14 08:44:37.431root 11241100x80000000000000001744901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f459695a6770b82022-02-14 08:44:37.432root 11241100x80000000000000001744902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7874c6f00f2644e62022-02-14 08:44:37.432root 11241100x80000000000000001744903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729435218e7e918c2022-02-14 08:44:37.432root 11241100x80000000000000001744904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac255b2e00e99dcd2022-02-14 08:44:37.432root 11241100x80000000000000001744905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005c91c97eb2025f2022-02-14 08:44:37.432root 11241100x80000000000000001744906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f67443372f0f0852022-02-14 08:44:37.432root 11241100x80000000000000001744907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426ed0a36ce4e4e72022-02-14 08:44:37.432root 11241100x80000000000000001744908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30597c3a58dc6112022-02-14 08:44:37.432root 11241100x80000000000000001744909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75dfbad63e84a822022-02-14 08:44:37.432root 11241100x80000000000000001744910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422335c58ccb258f2022-02-14 08:44:37.432root 11241100x80000000000000001744911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757278713812411a2022-02-14 08:44:37.432root 11241100x80000000000000001744912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b620550f6241310c2022-02-14 08:44:37.432root 11241100x80000000000000001744913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895626abdbf5674f2022-02-14 08:44:37.432root 11241100x80000000000000001744914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f332857d7cd5162022-02-14 08:44:37.432root 11241100x80000000000000001744915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39efcefcf7cba322022-02-14 08:44:37.432root 11241100x80000000000000001744916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bed649b360987b42022-02-14 08:44:37.432root 11241100x80000000000000001744917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22c7c6c0b411ead2022-02-14 08:44:37.433root 11241100x80000000000000001744918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c378e969ae629b2022-02-14 08:44:37.433root 11241100x80000000000000001744919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9317e86c7301dd62022-02-14 08:44:37.433root 11241100x80000000000000001744920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e0cd65ca9c97212022-02-14 08:44:37.433root 11241100x80000000000000001744921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e1ecab517de6722022-02-14 08:44:37.433root 11241100x80000000000000001744922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2839148fd14e88722022-02-14 08:44:37.433root 11241100x80000000000000001744923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7134542ebd53d502022-02-14 08:44:37.433root 11241100x80000000000000001744924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7adfa2e29fdf8702022-02-14 08:44:37.433root 11241100x80000000000000001744925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9071e236f0c5fb6e2022-02-14 08:44:37.433root 11241100x80000000000000001744926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61788d94070618652022-02-14 08:44:37.436root 11241100x80000000000000001744927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766ccd72b74446422022-02-14 08:44:37.436root 11241100x80000000000000001744928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad6759d8e2628392022-02-14 08:44:37.436root 11241100x80000000000000001744929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ccb599d1345d412022-02-14 08:44:37.436root 11241100x80000000000000001744930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec87cba451fa1d332022-02-14 08:44:37.436root 11241100x80000000000000001744931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d86a6dc21c143c42022-02-14 08:44:37.436root 11241100x80000000000000001744932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8b6139d613c2da2022-02-14 08:44:37.436root 11241100x80000000000000001744933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0f3a0744d21ef32022-02-14 08:44:37.436root 11241100x80000000000000001744934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b018f41d7bd27b2022-02-14 08:44:37.437root 11241100x80000000000000001744935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b69cd8f4728ec8a2022-02-14 08:44:37.437root 11241100x80000000000000001744936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd6cd5ec15661f52022-02-14 08:44:37.437root 11241100x80000000000000001744937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8701696ee09c0dd2022-02-14 08:44:37.438root 11241100x80000000000000001744938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b5dce304c71f222022-02-14 08:44:37.439root 11241100x80000000000000001744939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34844e9a73a289bb2022-02-14 08:44:37.439root 11241100x80000000000000001744940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60112490064f907a2022-02-14 08:44:37.439root 11241100x80000000000000001744941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3522f8b7477401a82022-02-14 08:44:37.440root 11241100x80000000000000001744942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509dcb68248e94cb2022-02-14 08:44:37.440root 11241100x80000000000000001744943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4435ae74d160f3c2022-02-14 08:44:37.440root 11241100x80000000000000001744944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921f0298e3ac1a4f2022-02-14 08:44:37.440root 11241100x80000000000000001744945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8ace3a96dd872c2022-02-14 08:44:37.440root 11241100x80000000000000001744946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066a6aca0e7bdc6c2022-02-14 08:44:37.440root 11241100x80000000000000001744947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a651faf0cd1a75132022-02-14 08:44:37.440root 11241100x80000000000000001744948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851e0f7d4cef55db2022-02-14 08:44:37.440root 11241100x80000000000000001744949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39acf41f95b467272022-02-14 08:44:37.440root 11241100x80000000000000001744950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3662e275dfe58cc2022-02-14 08:44:37.440root 11241100x80000000000000001744951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df688b12eba3e382022-02-14 08:44:37.441root 11241100x80000000000000001744952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c20095754ab7622022-02-14 08:44:37.441root 11241100x80000000000000001744953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c47ed959f7e30052022-02-14 08:44:37.441root 11241100x80000000000000001744954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11c5b0173b47b722022-02-14 08:44:37.930root 11241100x80000000000000001744955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3e9eedf881816b2022-02-14 08:44:37.930root 11241100x80000000000000001744956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6e3b615fe92c2c2022-02-14 08:44:37.930root 11241100x80000000000000001744957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028f3d3ae712d5f62022-02-14 08:44:37.930root 11241100x80000000000000001744958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5c57684800dd892022-02-14 08:44:37.930root 11241100x80000000000000001744959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd18d9fc19673a282022-02-14 08:44:37.930root 11241100x80000000000000001744960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b1badf5110cbe82022-02-14 08:44:37.930root 11241100x80000000000000001744961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8eb5874bbf5a302022-02-14 08:44:37.930root 11241100x80000000000000001744962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5275f38b1dd298d2022-02-14 08:44:37.931root 11241100x80000000000000001744963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c9b8ca9e165feb2022-02-14 08:44:37.931root 11241100x80000000000000001744964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef86653f217900d32022-02-14 08:44:37.931root 11241100x80000000000000001744965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2451d80d7a49c142022-02-14 08:44:37.931root 11241100x80000000000000001744966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33db5a23aeb5c9362022-02-14 08:44:37.931root 11241100x80000000000000001744967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7772e88dd0ad0e52022-02-14 08:44:37.931root 11241100x80000000000000001744968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f62066a56f57722022-02-14 08:44:37.931root 11241100x80000000000000001744969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8cc53ab22311c6a2022-02-14 08:44:37.931root 11241100x80000000000000001744970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d95aba7ee2fb682022-02-14 08:44:37.931root 11241100x80000000000000001744971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f580da695bdea2ed2022-02-14 08:44:37.931root 11241100x80000000000000001744972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f166ca3b232d811b2022-02-14 08:44:37.931root 11241100x80000000000000001744973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701906d604ede8ea2022-02-14 08:44:37.932root 11241100x80000000000000001744974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a82fda6897945722022-02-14 08:44:37.932root 11241100x80000000000000001744975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2804edfbf1c74b6e2022-02-14 08:44:37.932root 11241100x80000000000000001744976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42f4fd7db1c4ea42022-02-14 08:44:37.932root 11241100x80000000000000001744977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707f5016fdd751b22022-02-14 08:44:37.932root 11241100x80000000000000001744978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f585279200f568c2022-02-14 08:44:37.932root 11241100x80000000000000001744979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746ad23570b25af02022-02-14 08:44:37.932root 11241100x80000000000000001744980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8383cb6eaddddb2022-02-14 08:44:37.932root 11241100x80000000000000001744981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bf86df0d3fb1a82022-02-14 08:44:37.932root 11241100x80000000000000001744982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c07484ff35a40722022-02-14 08:44:37.932root 11241100x80000000000000001744983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6007299d123bb2e2022-02-14 08:44:37.932root 11241100x80000000000000001744984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8859c710b6c991e2022-02-14 08:44:37.932root 11241100x80000000000000001744985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aed2072f013c65b2022-02-14 08:44:37.932root 11241100x80000000000000001744986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074b273d5004ea9b2022-02-14 08:44:37.933root 11241100x80000000000000001744987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b610a65dd52a302022-02-14 08:44:37.933root 11241100x80000000000000001744988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9828617dd083f59a2022-02-14 08:44:37.933root 11241100x80000000000000001744989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00535a891ce2096d2022-02-14 08:44:37.933root 11241100x80000000000000001744990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5abfec255e787b2022-02-14 08:44:37.933root 11241100x80000000000000001744991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af968052dedf2122022-02-14 08:44:37.933root 11241100x80000000000000001744992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a988f10e3b3bae2022-02-14 08:44:37.933root 11241100x80000000000000001744993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71bec8de94ac5b62022-02-14 08:44:37.934root 11241100x80000000000000001744994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66777f3055bf0fb2022-02-14 08:44:37.934root 11241100x80000000000000001744995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bd93d2ae8153cf2022-02-14 08:44:37.934root 11241100x80000000000000001744996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e6b1eca87600432022-02-14 08:44:37.934root 11241100x80000000000000001744997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f703b28e6964072022-02-14 08:44:37.934root 11241100x80000000000000001744998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cb6ff16ef755932022-02-14 08:44:37.934root 11241100x80000000000000001744999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6101112089ecedb62022-02-14 08:44:37.934root 11241100x80000000000000001745000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d898b2ffd040e572022-02-14 08:44:37.935root 11241100x80000000000000001745001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633cfe16b355c7182022-02-14 08:44:37.935root 11241100x80000000000000001745002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972038caba8c08642022-02-14 08:44:37.935root 11241100x80000000000000001745003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d005a5585ac7ea22022-02-14 08:44:37.935root 11241100x80000000000000001745004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e220c76540185a82022-02-14 08:44:37.935root 11241100x80000000000000001745005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4df372a3b3f35502022-02-14 08:44:37.935root 11241100x80000000000000001745006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12ecc34c4e0cb382022-02-14 08:44:37.935root 11241100x80000000000000001745007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5208ba0119d65d2022-02-14 08:44:37.938root 11241100x80000000000000001745008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6195ffbf4d7b04752022-02-14 08:44:37.938root 11241100x80000000000000001745009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2758f150ad59853e2022-02-14 08:44:37.938root 11241100x80000000000000001745010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f7c3393efcabb22022-02-14 08:44:37.938root 11241100x80000000000000001745011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca76bfb9885821e72022-02-14 08:44:37.939root 11241100x80000000000000001745012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490c213ec9f8ed6c2022-02-14 08:44:37.939root 11241100x80000000000000001745013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15e048f689a86ac2022-02-14 08:44:37.939root 11241100x80000000000000001745014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233779b7c78650a82022-02-14 08:44:37.939root 11241100x80000000000000001745015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0ed9d341d962b82022-02-14 08:44:37.939root 11241100x80000000000000001745016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80ddcd8af9fbb6c2022-02-14 08:44:37.939root 11241100x80000000000000001745017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35889d7cc8fab4b2022-02-14 08:44:37.939root 11241100x80000000000000001745018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9a3936f92f13bd2022-02-14 08:44:37.940root 11241100x80000000000000001745019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7da712e8adc272b2022-02-14 08:44:37.940root 11241100x80000000000000001745020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573108e33832a2002022-02-14 08:44:37.940root 11241100x80000000000000001745021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cad2edd09a2ed72022-02-14 08:44:37.940root 11241100x80000000000000001745022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba8c6d3dc8882442022-02-14 08:44:37.940root 11241100x80000000000000001745023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23801090db9c6be2022-02-14 08:44:37.941root 11241100x80000000000000001745024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd150571056245db2022-02-14 08:44:37.941root 11241100x80000000000000001745025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5577444cfae35e3b2022-02-14 08:44:37.941root 11241100x80000000000000001745026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d756c4801b4d121a2022-02-14 08:44:37.941root 11241100x80000000000000001745027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2323b0fde2f9f1852022-02-14 08:44:37.941root 11241100x80000000000000001745028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215e2078e71a75162022-02-14 08:44:37.941root 11241100x80000000000000001745029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7943e68d3988d42022-02-14 08:44:37.941root 11241100x80000000000000001745030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1414cf0865a9df2022-02-14 08:44:37.941root 11241100x80000000000000001745031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf594ce3e2a0b3c42022-02-14 08:44:37.941root 11241100x80000000000000001745032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.943{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686564177da7a5552022-02-14 08:44:37.943root 11241100x80000000000000001745033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.943{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6839b5e6d89498a52022-02-14 08:44:37.943root 11241100x80000000000000001745034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.943{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc7cb056fe547c42022-02-14 08:44:37.943root 11241100x80000000000000001745035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.943{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156a4f19770bf4c12022-02-14 08:44:37.943root 11241100x80000000000000001745036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:37.943{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f5250df6eea0882022-02-14 08:44:37.943root 11241100x80000000000000001745037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fba1c4f6761702b2022-02-14 08:44:38.430root 11241100x80000000000000001745038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794b5b220f0ce9eb2022-02-14 08:44:38.430root 11241100x80000000000000001745039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d69a217c9b303892022-02-14 08:44:38.430root 11241100x80000000000000001745040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d56f96b1b731c802022-02-14 08:44:38.430root 11241100x80000000000000001745041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee3a1baac6581f02022-02-14 08:44:38.430root 11241100x80000000000000001745042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecb0a07b7e19b302022-02-14 08:44:38.430root 11241100x80000000000000001745043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b5425c2f1be90b2022-02-14 08:44:38.430root 11241100x80000000000000001745044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9534fe55a6577a972022-02-14 08:44:38.430root 11241100x80000000000000001745045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bf715b34aaeddf2022-02-14 08:44:38.430root 11241100x80000000000000001745046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e6a153fa4c60f52022-02-14 08:44:38.431root 11241100x80000000000000001745047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24156c8b84980f102022-02-14 08:44:38.431root 11241100x80000000000000001745048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd92169c2bb58df2022-02-14 08:44:38.431root 11241100x80000000000000001745049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbef2fbedc7445592022-02-14 08:44:38.431root 11241100x80000000000000001745050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3eccf399939e1dc2022-02-14 08:44:38.431root 11241100x80000000000000001745051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d863bffc5f97f852022-02-14 08:44:38.431root 11241100x80000000000000001745052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2934851c46f034702022-02-14 08:44:38.431root 11241100x80000000000000001745053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c9b9a894fa49362022-02-14 08:44:38.431root 11241100x80000000000000001745054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0da5fd64c79d922022-02-14 08:44:38.431root 11241100x80000000000000001745055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae143b4961581532022-02-14 08:44:38.431root 11241100x80000000000000001745056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad124ecd71957312022-02-14 08:44:38.431root 11241100x80000000000000001745057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9728344b06951c232022-02-14 08:44:38.432root 11241100x80000000000000001745058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5edcfd796bb0642022-02-14 08:44:38.432root 11241100x80000000000000001745059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df166815a08dc0072022-02-14 08:44:38.432root 11241100x80000000000000001745060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffa8bd0ca23bcf52022-02-14 08:44:38.432root 11241100x80000000000000001745061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b9dee6448caa5a2022-02-14 08:44:38.432root 11241100x80000000000000001745062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e77f57d6aca45392022-02-14 08:44:38.432root 11241100x80000000000000001745063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701867636a6ecf5f2022-02-14 08:44:38.432root 11241100x80000000000000001745064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff7aa722b422d4b2022-02-14 08:44:38.432root 11241100x80000000000000001745065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335586e526db0a1a2022-02-14 08:44:38.432root 11241100x80000000000000001745066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddc59fe056252282022-02-14 08:44:38.432root 11241100x80000000000000001745067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27d6c80976fb0112022-02-14 08:44:38.432root 11241100x80000000000000001745068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e055db0b82d9de192022-02-14 08:44:38.432root 11241100x80000000000000001745069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b884664650d1722022-02-14 08:44:38.432root 11241100x80000000000000001745070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0341dee9ba3ff4b52022-02-14 08:44:38.432root 11241100x80000000000000001745071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22bf32c3eba8d022022-02-14 08:44:38.432root 11241100x80000000000000001745072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21278d6105e886cb2022-02-14 08:44:38.432root 11241100x80000000000000001745073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b10c8e01788fcd2022-02-14 08:44:38.433root 11241100x80000000000000001745074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88555e23e84ae1292022-02-14 08:44:38.433root 11241100x80000000000000001745075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b448bafff7df70f2022-02-14 08:44:38.433root 11241100x80000000000000001745076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8ef803168e19042022-02-14 08:44:38.433root 11241100x80000000000000001745077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a708e0c1e215add2022-02-14 08:44:38.433root 11241100x80000000000000001745078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a145a7947ed2ae332022-02-14 08:44:38.433root 11241100x80000000000000001745079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0438e147e39270522022-02-14 08:44:38.433root 11241100x80000000000000001745080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf678a00b8e76092022-02-14 08:44:38.433root 11241100x80000000000000001745081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbd96ef80e415482022-02-14 08:44:38.433root 11241100x80000000000000001745082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73afc512f07d74b2022-02-14 08:44:38.433root 11241100x80000000000000001745083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734f185f0071ad012022-02-14 08:44:38.433root 11241100x80000000000000001745084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7256ac3a67b7f492022-02-14 08:44:38.433root 11241100x80000000000000001745085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08e2aea864f63222022-02-14 08:44:38.433root 11241100x80000000000000001745086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9fad53089cb1562022-02-14 08:44:38.434root 11241100x80000000000000001745087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36c8e7e81fab1db2022-02-14 08:44:38.434root 11241100x80000000000000001745088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb0e3f1ddd15b402022-02-14 08:44:38.434root 11241100x80000000000000001745089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7647cc384fbaf32022-02-14 08:44:38.434root 11241100x80000000000000001745090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cb5176f4b273302022-02-14 08:44:38.434root 11241100x80000000000000001745091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9079465dd145002022-02-14 08:44:38.434root 11241100x80000000000000001745092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60897811fda6a96d2022-02-14 08:44:38.434root 11241100x80000000000000001745093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfe7c1de086a8ef2022-02-14 08:44:38.434root 11241100x80000000000000001745094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dd404cf9e86c9d2022-02-14 08:44:38.434root 11241100x80000000000000001745095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16095307cf1d7a282022-02-14 08:44:38.434root 11241100x80000000000000001745096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a938fa033a048462022-02-14 08:44:38.434root 11241100x80000000000000001745097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a7150ed3da87392022-02-14 08:44:38.435root 11241100x80000000000000001745098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b09154899db8e042022-02-14 08:44:38.435root 11241100x80000000000000001745099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225e5e4c1ee3ce942022-02-14 08:44:38.435root 11241100x80000000000000001745100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765d78f49345a81d2022-02-14 08:44:38.435root 11241100x80000000000000001745101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a947f6ef95eb4fed2022-02-14 08:44:38.435root 11241100x80000000000000001745102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9f3630ca0c10862022-02-14 08:44:38.435root 11241100x80000000000000001745103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c9f485677309e32022-02-14 08:44:38.435root 11241100x80000000000000001745104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bee16eff126be532022-02-14 08:44:38.435root 11241100x80000000000000001745105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977701241e8cb2af2022-02-14 08:44:38.435root 11241100x80000000000000001745106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf7fd4626759d672022-02-14 08:44:38.435root 11241100x80000000000000001745107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcb686f17e7dbca2022-02-14 08:44:38.435root 11241100x80000000000000001745108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542bc67df91535822022-02-14 08:44:38.436root 11241100x80000000000000001745109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de9f7e5c8e99e662022-02-14 08:44:38.436root 11241100x80000000000000001745110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d4c60c7c865b632022-02-14 08:44:38.436root 11241100x80000000000000001745111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053c45304f3cafae2022-02-14 08:44:38.436root 11241100x80000000000000001745112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d12db5c9cf07c52022-02-14 08:44:38.436root 11241100x80000000000000001745113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e358f474326a3eec2022-02-14 08:44:38.436root 11241100x80000000000000001745114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed8bc12081e34d62022-02-14 08:44:38.436root 11241100x80000000000000001745115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e361a084ba50912022-02-14 08:44:38.436root 11241100x80000000000000001745116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc753e060a702cb52022-02-14 08:44:38.436root 11241100x80000000000000001745117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069108e30a8dca092022-02-14 08:44:38.436root 11241100x80000000000000001745118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b76b62422e4d762022-02-14 08:44:38.437root 11241100x80000000000000001745119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67defed189d643582022-02-14 08:44:38.437root 11241100x80000000000000001745120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c0765ee0653b1a2022-02-14 08:44:38.437root 11241100x80000000000000001745121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3293e32c5757802022-02-14 08:44:38.437root 11241100x80000000000000001745122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3da8f036cc80fb82022-02-14 08:44:38.437root 11241100x80000000000000001745123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d08c1a4e909e412022-02-14 08:44:38.437root 11241100x80000000000000001745124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0d1faf89142c8c2022-02-14 08:44:38.437root 11241100x80000000000000001745125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e39d619498284482022-02-14 08:44:38.437root 11241100x80000000000000001745126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ced460c92c734d2022-02-14 08:44:38.438root 11241100x80000000000000001745127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e003642bb0e06c2022-02-14 08:44:38.438root 11241100x80000000000000001745128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cde4cb410d20762022-02-14 08:44:38.438root 11241100x80000000000000001745129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86fe35b23e0dc392022-02-14 08:44:38.438root 11241100x80000000000000001745130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8deff88aa3016ee42022-02-14 08:44:38.438root 11241100x80000000000000001745131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343ec05c16d46a092022-02-14 08:44:38.438root 11241100x80000000000000001745132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db10a838c79c994b2022-02-14 08:44:38.438root 11241100x80000000000000001745133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9640cd44b08b6742022-02-14 08:44:38.439root 11241100x80000000000000001745134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0965d037edf9c7f2022-02-14 08:44:38.439root 11241100x80000000000000001745135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8f3c27ce5e9e942022-02-14 08:44:38.439root 11241100x80000000000000001745136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5aae752891744d2022-02-14 08:44:38.439root 11241100x80000000000000001745137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbe74cb41939e722022-02-14 08:44:38.439root 11241100x80000000000000001745138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978cfe75044761002022-02-14 08:44:38.440root 11241100x80000000000000001745139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd9a16e96f523722022-02-14 08:44:38.440root 11241100x80000000000000001745140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fae750b3039558b2022-02-14 08:44:38.440root 11241100x80000000000000001745141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d696a30c5420df2022-02-14 08:44:38.440root 11241100x80000000000000001745142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f401465328f48c2022-02-14 08:44:38.440root 11241100x80000000000000001745143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8df6a5776a4c392022-02-14 08:44:38.440root 11241100x80000000000000001745144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2537ce1cdae8a692022-02-14 08:44:38.440root 11241100x80000000000000001745145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c2ed0f65d18a8e2022-02-14 08:44:38.440root 11241100x80000000000000001745146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1659f889bc39c532022-02-14 08:44:38.440root 11241100x80000000000000001745147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b160674d46cebd4d2022-02-14 08:44:38.440root 11241100x80000000000000001745148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:38.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2ff8b4b73aed882022-02-14 08:44:38.440root 354300x80000000000000001745198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:45.212{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51494-false10.0.1.12-8000- 11241100x80000000000000001745199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:45.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdd857bcde015692022-02-14 08:44:45.679root 11241100x80000000000000001745200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:46.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edef33e36a83261b2022-02-14 08:44:46.179root 11241100x80000000000000001745201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:46.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf21e7d7907d60a2022-02-14 08:44:46.679root 11241100x80000000000000001745202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:47.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd03fe83d9ea15ad2022-02-14 08:44:47.180root 11241100x80000000000000001745203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:47.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91389b8b04e692192022-02-14 08:44:47.679root 11241100x80000000000000001745204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:48.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74205ba0356b3b1b2022-02-14 08:44:48.179root 11241100x80000000000000001745205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:48.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554f6dc485773c772022-02-14 08:44:48.679root 11241100x80000000000000001745206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:49.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dd05509c2dddcf2022-02-14 08:44:49.180root 11241100x80000000000000001745207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:49.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5530faf5b3527b52022-02-14 08:44:49.679root 11241100x80000000000000001745208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:50.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ac0c366eb810752022-02-14 08:44:50.179root 354300x80000000000000001745209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:50.221{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51496-false10.0.1.12-8000- 11241100x80000000000000001745210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:50.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649ce064555b33372022-02-14 08:44:50.679root 11241100x80000000000000001745211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:50.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b59ecc129ca6612022-02-14 08:44:50.680root 11241100x80000000000000001745212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:51.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85754d3069789b8f2022-02-14 08:44:51.179root 11241100x80000000000000001745213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:51.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f58b0486b7cb9f72022-02-14 08:44:51.180root 11241100x80000000000000001745214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:51.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47b7d41cb316e932022-02-14 08:44:51.679root 11241100x80000000000000001745215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:51.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bd1866162a3de12022-02-14 08:44:51.680root 11241100x80000000000000001745216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:52.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc17d49d4535a08d2022-02-14 08:44:52.179root 11241100x80000000000000001745217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:52.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824d1c160e3fa5192022-02-14 08:44:52.180root 11241100x80000000000000001745218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:52.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae90f0d82eb75322022-02-14 08:44:52.679root 11241100x80000000000000001745219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:52.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fc89608460708f2022-02-14 08:44:52.680root 11241100x80000000000000001745220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:53.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae4050c93e19afb2022-02-14 08:44:53.179root 11241100x80000000000000001745221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:53.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502e7496c2bdb8082022-02-14 08:44:53.180root 11241100x80000000000000001745222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:53.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e737bdfc32413c512022-02-14 08:44:53.679root 11241100x80000000000000001745223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:53.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498c6c245cf7548a2022-02-14 08:44:53.680root 11241100x80000000000000001745224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:54.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d676c9a41d430d4a2022-02-14 08:44:54.180root 11241100x80000000000000001745225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:54.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed33d60795f121a2022-02-14 08:44:54.180root 11241100x80000000000000001745226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:54.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e79e092988ada362022-02-14 08:44:54.679root 11241100x80000000000000001745227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:54.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda6d90f6b39204f2022-02-14 08:44:54.680root 11241100x80000000000000001745228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:55.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcd16aea263d4ff2022-02-14 08:44:55.179root 11241100x80000000000000001745229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:55.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8c2f37696489482022-02-14 08:44:55.180root 11241100x80000000000000001745230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:55.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96141df9d0e6a0dd2022-02-14 08:44:55.679root 11241100x80000000000000001745231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:55.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74c5946ad808d622022-02-14 08:44:55.680root 354300x80000000000000001745232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:56.043{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51498-false10.0.1.12-8000- 11241100x80000000000000001745233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:56.044{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b53e0eeedffd6c62022-02-14 08:44:56.044root 11241100x80000000000000001745234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:56.044{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6773544f135d74bb2022-02-14 08:44:56.044root 11241100x80000000000000001745235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:56.045{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855be83bc2c782fa2022-02-14 08:44:56.045root 11241100x80000000000000001745236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:56.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1d8d46e843be0c2022-02-14 08:44:56.429root 11241100x80000000000000001745237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:56.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758a1c59652b73eb2022-02-14 08:44:56.430root 11241100x80000000000000001745238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:56.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2fc3f744f1b0d02022-02-14 08:44:56.430root 11241100x80000000000000001745239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3644ae7b12a8f11d2022-02-14 08:44:56.930root 11241100x80000000000000001745240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5dc0e24b3301372022-02-14 08:44:56.930root 11241100x80000000000000001745241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5e79735eae131b2022-02-14 08:44:56.930root 11241100x80000000000000001745242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:57.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747371c9c35d2e702022-02-14 08:44:57.429root 11241100x80000000000000001745243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e0757c4178ec222022-02-14 08:44:57.430root 11241100x80000000000000001745244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5982b5bd5d68e862022-02-14 08:44:57.430root 11241100x80000000000000001745245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:57.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9616c1cd8cb46ebe2022-02-14 08:44:57.929root 11241100x80000000000000001745246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acb15e1747d2f682022-02-14 08:44:57.930root 11241100x80000000000000001745247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087c3707c04df3152022-02-14 08:44:57.930root 11241100x80000000000000001745248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:58.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a6e6464ed37c582022-02-14 08:44:58.429root 11241100x80000000000000001745249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c453c07d759e20302022-02-14 08:44:58.430root 11241100x80000000000000001745250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1961cb652765f0c72022-02-14 08:44:58.430root 11241100x80000000000000001745251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:58.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc99fed0cc010622022-02-14 08:44:58.929root 11241100x80000000000000001745252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d92364fef1c1392022-02-14 08:44:58.930root 11241100x80000000000000001745253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923e009f526545182022-02-14 08:44:58.930root 11241100x80000000000000001745254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:59.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdc6380471544152022-02-14 08:44:59.429root 11241100x80000000000000001745255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e032cd2d9c171b992022-02-14 08:44:59.430root 11241100x80000000000000001745256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38346ec84217273f2022-02-14 08:44:59.430root 11241100x80000000000000001745257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:59.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b46b9894bb7b5b02022-02-14 08:44:59.929root 11241100x80000000000000001745258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618c36eba68f8c8a2022-02-14 08:44:59.930root 11241100x80000000000000001745259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:44:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94f1ea1b7ca9be42022-02-14 08:44:59.930root 11241100x80000000000000001745260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1c92e3250254c42022-02-14 08:45:00.430root 11241100x80000000000000001745261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f521317d835d8a2022-02-14 08:45:00.430root 11241100x80000000000000001745262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73b000b8c5455792022-02-14 08:45:00.430root 11241100x80000000000000001745263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:00.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9bae706920c8f82022-02-14 08:45:00.929root 11241100x80000000000000001745264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273429b3194db7a72022-02-14 08:45:00.930root 11241100x80000000000000001745265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c448590149b2d2d2022-02-14 08:45:00.930root 354300x80000000000000001745266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:01.172{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51500-false10.0.1.12-8000- 11241100x80000000000000001745267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:01.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfa45bb47539e032022-02-14 08:45:01.430root 11241100x80000000000000001745268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:01.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad722942962b0902022-02-14 08:45:01.430root 11241100x80000000000000001745269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:01.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3634d0b43fd40add2022-02-14 08:45:01.430root 11241100x80000000000000001745270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:01.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54fba28fc96a45a2022-02-14 08:45:01.430root 11241100x80000000000000001745271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75bc173e2e78ac52022-02-14 08:45:01.930root 11241100x80000000000000001745272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3c142e51a6a5042022-02-14 08:45:01.930root 11241100x80000000000000001745273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031c6add0bdac2f22022-02-14 08:45:01.930root 11241100x80000000000000001745274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:01.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb28ac138af83682022-02-14 08:45:01.930root 11241100x80000000000000001745275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952ad2a9ccfa20512022-02-14 08:45:02.430root 11241100x80000000000000001745276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760db1e9f7cf60c32022-02-14 08:45:02.430root 11241100x80000000000000001745277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82cf0d868cffe1f2022-02-14 08:45:02.430root 11241100x80000000000000001745278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223d41bcf321a7ef2022-02-14 08:45:02.430root 11241100x80000000000000001745279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead655d87e9785182022-02-14 08:45:02.930root 11241100x80000000000000001745280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b067660b511856f92022-02-14 08:45:02.930root 11241100x80000000000000001745281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95302f16ef3c71102022-02-14 08:45:02.930root 11241100x80000000000000001745282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9ef38ebf385d402022-02-14 08:45:02.930root 11241100x80000000000000001745283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c012531dadbd6a2022-02-14 08:45:03.430root 11241100x80000000000000001745284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699923790a6fda9e2022-02-14 08:45:03.430root 11241100x80000000000000001745285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07b7e5c61b5d1ba2022-02-14 08:45:03.430root 11241100x80000000000000001745286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582e484fda8bc9522022-02-14 08:45:03.430root 11241100x80000000000000001745287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb2ac38e74eb2002022-02-14 08:45:03.930root 11241100x80000000000000001745288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276047b22dc778e22022-02-14 08:45:03.930root 11241100x80000000000000001745289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1271dd7603c17df72022-02-14 08:45:03.930root 11241100x80000000000000001745290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc46b3b687b854d2022-02-14 08:45:03.930root 354300x80000000000000001745291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.270{ec2ab09f-1000-620a-e067-89babe550000}1006/usr/sbin/sshdroottcpfalsefalse93.104.88.175-50182-false10.0.1.20-22- 11241100x80000000000000001745292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.270{ec2ab09f-1690-620a-0000-000000000000}1885/usr/sbin/sshd/proc/1885/oom_score_adj2022-02-14 08:45:04.270root 154100x80000000000000001745293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.270{ec2ab09f-1690-620a-e0b7-75b190550000}1885/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2ab09f-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1006--- 11241100x80000000000000001745294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.271{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24651699077d18a32022-02-14 08:45:04.271root 11241100x80000000000000001745295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.271{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1540cc9e945e272022-02-14 08:45:04.271root 11241100x80000000000000001745296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.271{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca393020ec7ef012022-02-14 08:45:04.271root 11241100x80000000000000001745297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.271{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d2ffeb14694dcd2022-02-14 08:45:04.271root 11241100x80000000000000001745298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.272{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75205d1048090472022-02-14 08:45:04.272root 11241100x80000000000000001745299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.272{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0781eb43837e3bd92022-02-14 08:45:04.272root 11241100x80000000000000001745300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.356{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489/lib/systemd/systemd-udevd/run/udev/queue2022-02-14 08:45:04.356root 23542300x80000000000000001745301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.358{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000001745302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.358{ec2ab09f-1690-620a-0000-000000000000}1887-root 11241100x80000000000000001745303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.381{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489/lib/systemd/systemd-udevd/run/udev/queue2022-02-14 08:45:04.381root 534500x80000000000000001745304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.382{ec2ab09f-1690-620a-0000-000000000000}1886-sshd 23542300x80000000000000001745305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.383{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000001745306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.383{00000000-0000-0000-0000-000000000000}1888<unknown process>root 11241100x80000000000000001745307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.389{ec2ab09f-0ff1-620a-5819-429342560000}1/lib/systemd/systemd/run/systemd/transient/user-1000.slice2022-02-14 08:45:04.389root 11241100x80000000000000001745308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.391{ec2ab09f-1000-620a-8083-5594c8550000}928/lib/systemd/systemd-logind/run/systemd/users/.#1000IHS8wU2022-02-14 08:45:04.391root 11241100x80000000000000001745309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.401{ec2ab09f-1000-620a-8083-5594c8550000}928/lib/systemd/systemd-logind/run/systemd/users/.#1000U4VqOF2022-02-14 08:45:04.401root 11241100x80000000000000001745310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.403{ec2ab09f-0ff9-620a-c82a-0f291d560000}470/lib/systemd/systemd-journald/run/systemd/journal/streams/.#9:298175lMJpK2022-02-14 08:45:04.403root 11241100x80000000000000001745311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.404{ec2ab09f-0ff1-620a-5819-429342560000}1/lib/systemd/systemd/run/systemd/transient/session-2.scope2022-02-14 08:45:04.404root 11241100x80000000000000001745312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.404{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489/lib/systemd/systemd-udevd/run/udev/queue2022-02-14 08:45:04.404root 11241100x80000000000000001745313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.409{ec2ab09f-1000-620a-8083-5594c8550000}928/lib/systemd/systemd-logind/run/systemd/sessions/.#2i1826q2022-02-14 08:45:04.409root 11241100x80000000000000001745314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.410{ec2ab09f-1000-620a-8083-5594c8550000}928/lib/systemd/systemd-logind/run/systemd/users/.#10006WGTpc2022-02-14 08:45:04.410root 11241100x80000000000000001745315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.410{ec2ab09f-1000-620a-8083-5594c8550000}928/lib/systemd/systemd-logind/run/systemd/users/.#1000E9iOIX2022-02-14 08:45:04.410root 154100x80000000000000001745316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.401{ec2ab09f-1690-620a-5879-2b17cd550000}1889/lib/systemd/systemd-----/lib/systemd/systemd --user/ubuntu{ec2ab09f-0000-0000-e803-000000000000}10003no level-{ec2ab09f-0ff1-620a-5819-429342560000}1/lib/systemd/systemd/sbin/initroot 11241100x80000000000000001745317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.411{ec2ab09f-1000-620a-8083-5594c8550000}928/lib/systemd/systemd-logind/run/systemd/sessions/.#2GujL1I2022-02-14 08:45:04.411root 11241100x80000000000000001745318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.411{ec2ab09f-1000-620a-8083-5594c8550000}928/lib/systemd/systemd-logind/run/systemd/users/.#1000eTcJku2022-02-14 08:45:04.411root 23542300x80000000000000001745319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.420{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000001745320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.420{ec2ab09f-1690-620a-0000-000000000000}1893-root 534500x80000000000000001745321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.420{00000000-0000-0000-0000-000000000000}1900<unknown process>root 534500x80000000000000001745322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.420{00000000-0000-0000-0000-000000000000}1891<unknown process>root 534500x80000000000000001745323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.420{ec2ab09f-1690-620a-0000-000000000000}1898-root 534500x80000000000000001745324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.420{00000000-0000-0000-0000-000000000000}1890<unknown process>root 534500x80000000000000001745325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.420{00000000-0000-0000-0000-000000000000}1896<unknown process>root 534500x80000000000000001745326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.420{00000000-0000-0000-0000-000000000000}1899<unknown process>root 534500x80000000000000001745327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.421{00000000-0000-0000-0000-000000000000}1897<unknown process>root 11241100x80000000000000001745328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.420{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489/lib/systemd/systemd-udevd/run/udev/queue2022-02-14 08:45:04.420root 534500x80000000000000001745329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.421{00000000-0000-0000-0000-000000000000}1895<unknown process>root 534500x80000000000000001745330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.421{00000000-0000-0000-0000-000000000000}1892<unknown process>root 154100x80000000000000001745331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.423{ec2ab09f-1690-620a-d012-0d43cd550000}1906/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator-----/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator/ubuntu{ec2ab09f-0000-0000-e803-000000000000}10003no level-{00000000-0000-0000-0000-000000000000}1902--- 23542300x80000000000000001745332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.429{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000001745333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.430{ec2ab09f-1690-620a-d012-0d43cd550000}1906/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generatorubuntu 534500x80000000000000001745334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.430{00000000-0000-0000-0000-000000000000}1903<unknown process>root 534500x80000000000000001745335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.430{00000000-0000-0000-0000-000000000000}1904<unknown process>root 534500x80000000000000001745336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.430{00000000-0000-0000-0000-000000000000}1905<unknown process>root 534500x80000000000000001745337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.430{00000000-0000-0000-0000-000000000000}1901<unknown process>root 154100x80000000000000001745338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.430{ec2ab09f-1690-620a-08a4-0b3a83550000}1907/bin/bash-----/bin/bash /usr/lib/systemd/user-environment-generators/90gpg-agent/ubuntu{ec2ab09f-0000-0000-e803-000000000000}10003no level-{00000000-0000-0000-0000-000000000000}1902--- 11241100x80000000000000001745339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.432{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489/lib/systemd/systemd-udevd/run/udev/queue2022-02-14 08:45:04.432root 154100x80000000000000001745340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.432{ec2ab09f-1690-620a-b05f-29f8bf550000}1908/usr/bin/gpgconf-----gpgconf --list-dirs agent-socket/ubuntu{ec2ab09f-0000-0000-e803-000000000000}10003no level-{ec2ab09f-1690-620a-08a4-0b3a83550000}1907/bin/bash/bin/bashubuntu 23542300x80000000000000001745341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.437{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000001745342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.438{00000000-0000-0000-0000-000000000000}1909<unknown process>root 534500x80000000000000001745343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.438{00000000-0000-0000-0000-000000000000}1910<unknown process>root 534500x80000000000000001745344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.439{ec2ab09f-1690-620a-b05f-29f8bf550000}1908/usr/bin/gpgconfubuntu 154100x80000000000000001745345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.441{ec2ab09f-1690-620a-f02c-b9c5e4550000}1913/usr/bin/gawk-----awk -F: /^enable-ssh-support:/{ print $10 }/ubuntu{ec2ab09f-0000-0000-e803-000000000000}10003no level-{00000000-0000-0000-0000-000000000000}1911--- 154100x80000000000000001745346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.440{ec2ab09f-1690-620a-b02f-426dcb550000}1912/usr/bin/gpgconf-----gpgconf --list-options gpg-agent/ubuntu{ec2ab09f-0000-0000-e803-000000000000}10003no level-{00000000-0000-0000-0000-000000000000}1911--- 154100x80000000000000001745347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.442{ec2ab09f-1690-620a-c8b5-6f2c37560000}1914/usr/bin/gpg-agent-----gpg-agent --gpgconf-list/ubuntu{ec2ab09f-0000-0000-e803-000000000000}10003no level-{ec2ab09f-1690-620a-b02f-426dcb550000}1912/usr/bin/gpgconfgpgconfubuntu 534500x80000000000000001745348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.454{ec2ab09f-1690-620a-c8b5-6f2c37560000}1914/usr/bin/gpg-agentubuntu 534500x80000000000000001745349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.454{ec2ab09f-1690-620a-b02f-426dcb550000}1912/usr/bin/gpgconfubuntu 534500x80000000000000001745350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.454{ec2ab09f-1690-620a-f02c-b9c5e4550000}1913/usr/bin/gawkubuntu 534500x80000000000000001745351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.455{ec2ab09f-1690-620a-0000-000000000000}1911-ubuntu 534500x80000000000000001745352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.455{ec2ab09f-1690-620a-08a4-0b3a83550000}1907/bin/bashubuntu 534500x80000000000000001745353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.455{ec2ab09f-1690-620a-0000-000000000000}1902-ubuntu 534500x80000000000000001745354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.457{00000000-0000-0000-0000-000000000000}1915<unknown process>ubuntu 11241100x80000000000000001745355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.488{ec2ab09f-1000-620a-8083-5594c8550000}928/lib/systemd/systemd-logind/run/systemd/sessions/.#2c5WQQf2022-02-14 08:45:04.488root 11241100x80000000000000001745356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.489{ec2ab09f-1000-620a-8083-5594c8550000}928/lib/systemd/systemd-logind/run/systemd/users/.#10008VXZm12022-02-14 08:45:04.489root 154100x80000000000000001745357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.489{ec2ab09f-1690-620a-6822-2ac4e2550000}1916/bin/dash-----sh -c /usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-e0b7-75b190550000}1885/usr/sbin/sshd/usr/sbin/sshdroot 11241100x80000000000000001745358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.490{ec2ab09f-1690-620a-6822-2ac4e2550000}1916/bin/dash/run/motd.dynamic.new2022-02-14 08:45:04.490root 154100x80000000000000001745359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.490{ec2ab09f-1690-620a-78ac-104278550000}1917/usr/bin/env-----/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-6822-2ac4e2550000}1916/bin/dashshroot 154100x80000000000000001745360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.490{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-parts-----run-parts --lsbsysinit /etc/update-motd.d/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-6822-2ac4e2550000}1916/bin/dashshroot 154100x80000000000000001745361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.493{ec2ab09f-1690-620a-6832-6be07a550000}1918/bin/dash-----/bin/sh /etc/update-motd.d/00-header/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 154100x80000000000000001745362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.495{ec2ab09f-1690-620a-80fe-ea2c13560000}1919/bin/uname-----uname -o/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-6832-6be07a550000}1918/bin/dash/bin/shroot 534500x80000000000000001745363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.495{ec2ab09f-1690-620a-80fe-ea2c13560000}1919/bin/unameroot 154100x80000000000000001745364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.495{ec2ab09f-1690-620a-804e-f5b400560000}1920/bin/uname-----uname -r/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-6832-6be07a550000}1918/bin/dash/bin/shroot 534500x80000000000000001745365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.496{ec2ab09f-1690-620a-804e-f5b400560000}1920/bin/unameroot 154100x80000000000000001745366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.496{ec2ab09f-1690-620a-801e-6c452e560000}1921/bin/uname-----uname -m/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-6832-6be07a550000}1918/bin/dash/bin/shroot 534500x80000000000000001745367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.497{ec2ab09f-1690-620a-801e-6c452e560000}1921/bin/unameroot 534500x80000000000000001745368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.497{ec2ab09f-1690-620a-6832-6be07a550000}1918/bin/dashroot 154100x80000000000000001745369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.498{ec2ab09f-1690-620a-6842-b413ae550000}1922/bin/dash-----/bin/sh /etc/update-motd.d/10-help-text/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 534500x80000000000000001745370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.499{ec2ab09f-1690-620a-6842-b413ae550000}1922/bin/dashroot 154100x80000000000000001745371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.500{ec2ab09f-1690-620a-6832-31ad97550000}1923/bin/dash-----/bin/sh /etc/update-motd.d/50-landscape-sysinfo/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 154100x80000000000000001745372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.501{ec2ab09f-1690-620a-507c-e7e8af550000}1924/bin/grep-----grep -c ^processor /proc/cpuinfo/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-6832-31ad97550000}1923/bin/dash/bin/shroot 534500x80000000000000001745373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.502{ec2ab09f-1690-620a-507c-e7e8af550000}1924/bin/greproot 154100x80000000000000001745374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.502{ec2ab09f-1690-620a-b820-304195550000}1928/usr/bin/cut-----cut -f1 -d /proc/loadavg/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1926--- 534500x80000000000000001745375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.503{ec2ab09f-1690-620a-b820-304195550000}1928/usr/bin/cutroot 534500x80000000000000001745376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.503{ec2ab09f-1690-620a-0000-000000000000}1926-root 154100x80000000000000001745377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.502{ec2ab09f-1690-620a-983f-b1fd08560000}1927/usr/bin/bc-----bc/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1925--- 534500x80000000000000001745378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.505{ec2ab09f-1690-620a-983f-b1fd08560000}1927/usr/bin/bcroot 534500x80000000000000001745379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.505{ec2ab09f-1690-620a-0000-000000000000}1925-root 154100x80000000000000001745380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.505{ec2ab09f-1690-620a-08cf-cdef7c550000}1929/bin/date-----/bin/date/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-6832-31ad97550000}1923/bin/dash/bin/shroot 534500x80000000000000001745381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.505{ec2ab09f-1690-620a-08cf-cdef7c550000}1929/bin/dateroot 154100x80000000000000001745382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.506{ec2ab09f-1690-620a-a036-7b0000000000}1930/usr/bin/python3.6-----/usr/bin/python3 /usr/bin/landscape-sysinfo/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-6832-31ad97550000}1923/bin/dash/bin/shroot 11241100x80000000000000001745383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972cf0bb4c61559e2022-02-14 08:45:04.680root 11241100x80000000000000001745384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893d8a671e676b3d2022-02-14 08:45:04.680root 11241100x80000000000000001745385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cd2cebff314a1f2022-02-14 08:45:04.680root 11241100x80000000000000001745386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028683d35a74a8c22022-02-14 08:45:04.681root 11241100x80000000000000001745387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b450b23b72df95332022-02-14 08:45:04.681root 11241100x80000000000000001745388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126c069b0167df242022-02-14 08:45:04.682root 11241100x80000000000000001745389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9326b62eb2a962012022-02-14 08:45:04.682root 11241100x80000000000000001745390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6398472d9b5c95892022-02-14 08:45:04.682root 11241100x80000000000000001745391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac1ac9a05af329e2022-02-14 08:45:04.682root 11241100x80000000000000001745392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc6ea61736706932022-02-14 08:45:04.682root 11241100x80000000000000001745393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7340470d515b1cb32022-02-14 08:45:04.682root 11241100x80000000000000001745394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c216c65346c7da22022-02-14 08:45:04.682root 11241100x80000000000000001745395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7449fc406345ba2022-02-14 08:45:04.683root 11241100x80000000000000001745396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1e99cc9680ecd12022-02-14 08:45:04.692root 11241100x80000000000000001745397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e80da653b4843f2022-02-14 08:45:04.692root 154100x80000000000000001745398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.691{ec2ab09f-1690-620a-6812-dc62a1550000}1931/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-a036-7b0000000000}1930/usr/bin/python3.6/usr/bin/python3root 154100x80000000000000001745399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.691{ec2ab09f-1690-620a-b01f-9f4c2f7f0000}1931/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-a036-7b0000000000}1930/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000001745400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.695{ec2ab09f-1690-620a-b01f-9f4c2f7f0000}1931/sbin/ldconfig.realroot 11241100x80000000000000001745401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64d441683ccc3eb2022-02-14 08:45:04.696root 11241100x80000000000000001745402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbade4d6e793b6f2022-02-14 08:45:04.696root 11241100x80000000000000001745403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b9f9aab3a388182022-02-14 08:45:04.696root 11241100x80000000000000001745404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5371c6217b3869812022-02-14 08:45:04.697root 11241100x80000000000000001745405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c75736e7f289062022-02-14 08:45:04.697root 11241100x80000000000000001745406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0417ef648ccdaa82022-02-14 08:45:04.697root 11241100x80000000000000001745407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89268c265710c5862022-02-14 08:45:04.697root 11241100x80000000000000001745408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927a06041c2141252022-02-14 08:45:04.697root 11241100x80000000000000001745409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328ed4b627b8498b2022-02-14 08:45:04.697root 11241100x80000000000000001745410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1421f06a2d12e6a52022-02-14 08:45:04.697root 11241100x80000000000000001745411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80d6f3469ffa5b92022-02-14 08:45:04.697root 11241100x80000000000000001745412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ec8d4c094edd652022-02-14 08:45:04.697root 11241100x80000000000000001745413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1a5d84e85d71ff2022-02-14 08:45:04.698root 11241100x80000000000000001745414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6f5d02069928722022-02-14 08:45:04.698root 11241100x80000000000000001745415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e7997c8208f6d82022-02-14 08:45:04.698root 11241100x80000000000000001745416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b75f0eb5674cb22022-02-14 08:45:04.698root 11241100x80000000000000001745417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40969cd4c662d4f92022-02-14 08:45:04.698root 11241100x80000000000000001745418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4672f5e8940ee4032022-02-14 08:45:04.698root 11241100x80000000000000001745419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d9db47cf3b50992022-02-14 08:45:04.698root 11241100x80000000000000001745420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dc00163a58b6312022-02-14 08:45:04.698root 11241100x80000000000000001745421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175e213537dbe66e2022-02-14 08:45:04.698root 11241100x80000000000000001745422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc434bc934a3efca2022-02-14 08:45:04.698root 11241100x80000000000000001745423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525fef1d9e2b183d2022-02-14 08:45:04.698root 11241100x80000000000000001745424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ead1f93a05f8bfa2022-02-14 08:45:04.699root 11241100x80000000000000001745425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5960bce033e050262022-02-14 08:45:04.699root 11241100x80000000000000001745426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0691949e5de67942022-02-14 08:45:04.699root 11241100x80000000000000001745427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89215b4ce12b24a52022-02-14 08:45:04.699root 11241100x80000000000000001745428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e89b1b80448a112022-02-14 08:45:04.699root 11241100x80000000000000001745429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdacc92052847fc82022-02-14 08:45:04.699root 11241100x80000000000000001745430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e775dbcf8ea2c882022-02-14 08:45:04.699root 11241100x80000000000000001745431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72607ac91bc65b82022-02-14 08:45:04.699root 11241100x80000000000000001745432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2d1114726da5862022-02-14 08:45:04.699root 11241100x80000000000000001745433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5925fe3e71bf1fc42022-02-14 08:45:04.699root 11241100x80000000000000001745434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1a884e0df3c29e2022-02-14 08:45:04.700root 11241100x80000000000000001745435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ed17297fb7bb992022-02-14 08:45:04.700root 11241100x80000000000000001745436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1869f92ee1ce1f42022-02-14 08:45:04.700root 11241100x80000000000000001745437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce2e3afe2ee6eaa2022-02-14 08:45:04.700root 11241100x80000000000000001745438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6dc2787dfbcb852022-02-14 08:45:04.700root 11241100x80000000000000001745439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80af822c9eda23f72022-02-14 08:45:04.700root 11241100x80000000000000001745440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ed86c9aa6779192022-02-14 08:45:04.700root 11241100x80000000000000001745441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f5ee309e9193cb2022-02-14 08:45:04.700root 11241100x80000000000000001745442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9cdebdc43ddc212022-02-14 08:45:04.700root 11241100x80000000000000001745443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7c8cd1e7a195892022-02-14 08:45:04.700root 11241100x80000000000000001745444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7682bbb20b9ad0e22022-02-14 08:45:04.701root 11241100x80000000000000001745445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a318a1697b68362022-02-14 08:45:04.701root 11241100x80000000000000001745446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839cbdcf602b29c22022-02-14 08:45:04.701root 11241100x80000000000000001745447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f4aec6866cc0042022-02-14 08:45:04.706root 11241100x80000000000000001745448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7eadc5087994f502022-02-14 08:45:04.706root 11241100x80000000000000001745449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.707{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff34bb78bebe9ad2022-02-14 08:45:04.707root 11241100x80000000000000001745450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.707{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab81285e6aaa9972022-02-14 08:45:04.707root 11241100x80000000000000001745451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.707{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3466ad543ebd98a92022-02-14 08:45:04.707root 11241100x80000000000000001745452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b1582184fed0e82022-02-14 08:45:04.708root 11241100x80000000000000001745453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccef06fd70104012022-02-14 08:45:04.709root 11241100x80000000000000001745454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1efaefe9b3ae572022-02-14 08:45:04.709root 11241100x80000000000000001745455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bd1a56f0de6f772022-02-14 08:45:04.709root 11241100x80000000000000001745456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b6e6735d8368ee2022-02-14 08:45:04.710root 11241100x80000000000000001745457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209b824ed10052b52022-02-14 08:45:04.710root 11241100x80000000000000001745458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438b86b69b66e94d2022-02-14 08:45:04.710root 11241100x80000000000000001745459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.711{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e20f460fd715482022-02-14 08:45:04.711root 11241100x80000000000000001745460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.711{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b176c9ccbb0a00fa2022-02-14 08:45:04.711root 11241100x80000000000000001745461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.711{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261fd8900b01d0582022-02-14 08:45:04.711root 11241100x80000000000000001745462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.712{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ec1d5bac83c5852022-02-14 08:45:04.712root 11241100x80000000000000001745463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d02aa76069c4532022-02-14 08:45:04.713root 11241100x80000000000000001745464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.714{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8348741c297da6a72022-02-14 08:45:04.714root 11241100x80000000000000001745465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.714{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac57c99363c0042e2022-02-14 08:45:04.714root 11241100x80000000000000001745466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.714{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77504a025611d4c02022-02-14 08:45:04.714root 11241100x80000000000000001745467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.714{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759469fe8559b2b72022-02-14 08:45:04.714root 11241100x80000000000000001745468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50ae5c3c87e730f2022-02-14 08:45:04.715root 11241100x80000000000000001745469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156b2e225573c47f2022-02-14 08:45:04.715root 11241100x80000000000000001745470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.716{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9869cf0214cd3a732022-02-14 08:45:04.716root 11241100x80000000000000001745471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.716{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cfd0d5720cbcc12022-02-14 08:45:04.716root 11241100x80000000000000001745472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.716{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0288dfc1f76bb772022-02-14 08:45:04.716root 11241100x80000000000000001745473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.717{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82be2e63ce0d7252022-02-14 08:45:04.717root 11241100x80000000000000001745474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.717{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b92848a249e6552022-02-14 08:45:04.717root 11241100x80000000000000001745475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.717{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f906adf3143462a2022-02-14 08:45:04.717root 11241100x80000000000000001745476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794d672fa0d703c52022-02-14 08:45:04.719root 11241100x80000000000000001745477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad1c121cf84601b2022-02-14 08:45:04.719root 11241100x80000000000000001745478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b76db14e1396c522022-02-14 08:45:04.719root 11241100x80000000000000001745479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100632582667ed592022-02-14 08:45:04.719root 11241100x80000000000000001745480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec852d7db445e792022-02-14 08:45:04.719root 11241100x80000000000000001745481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfac9a80d705aa262022-02-14 08:45:04.719root 11241100x80000000000000001745482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2dc7817c1d21ca2022-02-14 08:45:04.720root 11241100x80000000000000001745483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711f7a0987f97a932022-02-14 08:45:04.720root 11241100x80000000000000001745484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c925caeb71221fc2022-02-14 08:45:04.720root 11241100x80000000000000001745485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a894c459fac6a1252022-02-14 08:45:04.720root 11241100x80000000000000001745486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b398fc3cc46fd412022-02-14 08:45:04.720root 11241100x80000000000000001745487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3de070b1fde9c552022-02-14 08:45:04.720root 11241100x80000000000000001745488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed33cd82ee9aebe22022-02-14 08:45:04.720root 11241100x80000000000000001745489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f887f32f94abf02022-02-14 08:45:04.720root 11241100x80000000000000001745490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e3e92b623085db2022-02-14 08:45:04.720root 11241100x80000000000000001745491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc1a24a3c2146f12022-02-14 08:45:04.720root 11241100x80000000000000001745492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc91b73369f9ff62022-02-14 08:45:04.720root 11241100x80000000000000001745493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565bc236503c4b7f2022-02-14 08:45:04.720root 11241100x80000000000000001745494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6fe36a5d8b872c2022-02-14 08:45:04.720root 11241100x80000000000000001745495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57200581f4c64432022-02-14 08:45:04.720root 11241100x80000000000000001745496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65722faef4eb04192022-02-14 08:45:04.720root 11241100x80000000000000001745497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba17959d4dbd2632022-02-14 08:45:04.721root 11241100x80000000000000001745498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c38a97a08630182022-02-14 08:45:04.721root 11241100x80000000000000001745499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60cb48499344fff2022-02-14 08:45:04.721root 11241100x80000000000000001745500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a9ab2c9880c9d22022-02-14 08:45:04.721root 11241100x80000000000000001745501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb141ab8c9a3d1f2022-02-14 08:45:04.721root 11241100x80000000000000001745502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c07bc1db4661172022-02-14 08:45:04.721root 11241100x80000000000000001745503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a300242078da32fa2022-02-14 08:45:04.721root 11241100x80000000000000001745504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c849084afb1b14e52022-02-14 08:45:04.721root 11241100x80000000000000001745505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fa7a98f88566d32022-02-14 08:45:04.721root 11241100x80000000000000001745506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a8c06c8ffc8b962022-02-14 08:45:04.721root 11241100x80000000000000001745507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d65f5eb1430ca52022-02-14 08:45:04.721root 11241100x80000000000000001745508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8b447e12b3e1332022-02-14 08:45:04.721root 11241100x80000000000000001745509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd967ec6b28258f42022-02-14 08:45:04.721root 11241100x80000000000000001745510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4d0c3811b686f62022-02-14 08:45:04.721root 11241100x80000000000000001745511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346c90bda3d77a7a2022-02-14 08:45:04.721root 11241100x80000000000000001745512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a2007dbd07de9a2022-02-14 08:45:04.722root 11241100x80000000000000001745513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b925f21981331022022-02-14 08:45:04.722root 11241100x80000000000000001745514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184fecc170d2cb932022-02-14 08:45:04.722root 11241100x80000000000000001745515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199311b748b7f2b72022-02-14 08:45:04.722root 11241100x80000000000000001745516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a91ad3fdd5e9bdf2022-02-14 08:45:04.724root 11241100x80000000000000001745517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf4fe9bee647a982022-02-14 08:45:04.724root 11241100x80000000000000001745518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2af27ab33550a32022-02-14 08:45:04.724root 11241100x80000000000000001745519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5881cc3a5916e6002022-02-14 08:45:04.724root 11241100x80000000000000001745520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92f893a363e26ff2022-02-14 08:45:04.724root 11241100x80000000000000001745521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4cf94d92d1a05e2022-02-14 08:45:04.725root 11241100x80000000000000001745522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d986e1f7e3df5c3d2022-02-14 08:45:04.725root 11241100x80000000000000001745523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edb1aab48b9a7ce2022-02-14 08:45:04.725root 11241100x80000000000000001745524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf816d9103be2542022-02-14 08:45:04.725root 11241100x80000000000000001745525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a546de3a7df1292022-02-14 08:45:04.725root 11241100x80000000000000001745526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e8b0f7de1afb222022-02-14 08:45:04.725root 11241100x80000000000000001745527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5451fb19e200e5172022-02-14 08:45:04.726root 11241100x80000000000000001745528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a9c0517f341dde2022-02-14 08:45:04.726root 11241100x80000000000000001745529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51457fa827ff3a142022-02-14 08:45:04.726root 11241100x80000000000000001745530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6947921da2fd099a2022-02-14 08:45:04.726root 11241100x80000000000000001745531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f887de7a14df87e2022-02-14 08:45:04.726root 11241100x80000000000000001745532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef0a82782f57d1b2022-02-14 08:45:04.727root 11241100x80000000000000001745533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f776b275ea217cc72022-02-14 08:45:04.727root 11241100x80000000000000001745534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1820f5d33eefbe692022-02-14 08:45:04.727root 11241100x80000000000000001745535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d04192d5e6e76f12022-02-14 08:45:04.727root 11241100x80000000000000001745536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b8f10c532f173c2022-02-14 08:45:04.727root 11241100x80000000000000001745537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e7df1c41a460352022-02-14 08:45:04.727root 11241100x80000000000000001745538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f2cea880e09fde2022-02-14 08:45:04.727root 11241100x80000000000000001745539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39565dea52fb3f0d2022-02-14 08:45:04.728root 11241100x80000000000000001745540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635dc66199c8a62a2022-02-14 08:45:04.728root 11241100x80000000000000001745541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0cd2d281223d412022-02-14 08:45:04.728root 11241100x80000000000000001745542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81632498cf747c352022-02-14 08:45:04.728root 11241100x80000000000000001745543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5e5dbbf9197c2f2022-02-14 08:45:04.728root 11241100x80000000000000001745544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4719d595f243e92022-02-14 08:45:04.728root 11241100x80000000000000001745545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f85bd0a1cb52372022-02-14 08:45:04.728root 11241100x80000000000000001745546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6159c3bac531a4f2022-02-14 08:45:04.729root 11241100x80000000000000001745547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bd41bb30af5a372022-02-14 08:45:04.729root 11241100x80000000000000001745548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb914d9ee297d732022-02-14 08:45:04.729root 11241100x80000000000000001745549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0dcd79d319c0cc2022-02-14 08:45:04.729root 11241100x80000000000000001745550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c56d2a2411153eb2022-02-14 08:45:04.729root 11241100x80000000000000001745551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef7f7af1e1c34df2022-02-14 08:45:04.729root 11241100x80000000000000001745552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146a75f38f0dbbef2022-02-14 08:45:04.729root 11241100x80000000000000001745553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d40489615ac0f52022-02-14 08:45:04.730root 11241100x80000000000000001745554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bfc78c207b4ab72022-02-14 08:45:04.730root 11241100x80000000000000001745555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0556a31d80115b042022-02-14 08:45:04.730root 11241100x80000000000000001745556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17988ef87d1b49512022-02-14 08:45:04.730root 11241100x80000000000000001745557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b96a904e0ab3c52022-02-14 08:45:04.730root 11241100x80000000000000001745558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f843b01ec428072022-02-14 08:45:04.730root 11241100x80000000000000001745559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c8acaaba2119062022-02-14 08:45:04.730root 11241100x80000000000000001745560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c137fb3d8d9b5de72022-02-14 08:45:04.731root 11241100x80000000000000001745561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e50729d6eae1722022-02-14 08:45:04.731root 11241100x80000000000000001745562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023af8b98671c2932022-02-14 08:45:04.731root 11241100x80000000000000001745563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00d872149b7b6dd2022-02-14 08:45:04.731root 11241100x80000000000000001745564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed53c63a62c345e2022-02-14 08:45:04.731root 11241100x80000000000000001745565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbc242abb7fbd5b2022-02-14 08:45:04.731root 11241100x80000000000000001745566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae876b289d6bb47d2022-02-14 08:45:04.731root 11241100x80000000000000001745567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2b0faaf2b320582022-02-14 08:45:04.731root 11241100x80000000000000001745568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805bace177f8edd72022-02-14 08:45:04.732root 11241100x80000000000000001745569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b593d3167c222c502022-02-14 08:45:04.732root 11241100x80000000000000001745570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbb46abb70795be2022-02-14 08:45:04.732root 11241100x80000000000000001745571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea8dae92d1f34dd2022-02-14 08:45:04.732root 11241100x80000000000000001745572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139f19dd407cfd312022-02-14 08:45:04.732root 11241100x80000000000000001745573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4a54c96bfec6362022-02-14 08:45:04.732root 11241100x80000000000000001745574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f7d5281568197a2022-02-14 08:45:04.732root 11241100x80000000000000001745575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad2c011d6c21d052022-02-14 08:45:04.733root 11241100x80000000000000001745576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a05c2565e26cf32022-02-14 08:45:04.733root 11241100x80000000000000001745577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46741a8f30ae76f12022-02-14 08:45:04.733root 11241100x80000000000000001745578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6502ae3e22e5cc32022-02-14 08:45:04.733root 11241100x80000000000000001745579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7593600bbaa2752022-02-14 08:45:04.733root 11241100x80000000000000001745580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8858c03bebad4b2e2022-02-14 08:45:04.733root 11241100x80000000000000001745581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65385d3b5ddbfae22022-02-14 08:45:04.733root 11241100x80000000000000001745582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e838764a6ed10212022-02-14 08:45:04.734root 11241100x80000000000000001745583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f0caf8171e91862022-02-14 08:45:04.734root 11241100x80000000000000001745584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c249851411f1c32022-02-14 08:45:04.734root 11241100x80000000000000001745585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233ea7fbb0dcf1802022-02-14 08:45:04.734root 11241100x80000000000000001745586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9853f8a4f4199552022-02-14 08:45:04.734root 11241100x80000000000000001745587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2675e28632fee4222022-02-14 08:45:04.734root 11241100x80000000000000001745588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c08bdc9779f8f9a2022-02-14 08:45:04.734root 11241100x80000000000000001745589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c8a0236c90880a2022-02-14 08:45:04.734root 11241100x80000000000000001745590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642d21c3e7d4b53e2022-02-14 08:45:04.735root 11241100x80000000000000001745591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a8c31cf1daef942022-02-14 08:45:04.735root 11241100x80000000000000001745592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05ce219cac07d292022-02-14 08:45:04.735root 11241100x80000000000000001745593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9a88340304cb1b2022-02-14 08:45:04.735root 11241100x80000000000000001745594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ce0f2dfbdc7ed32022-02-14 08:45:04.735root 11241100x80000000000000001745595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26268d8e59f486352022-02-14 08:45:04.735root 11241100x80000000000000001745596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacd495c51ce51f72022-02-14 08:45:04.735root 11241100x80000000000000001745597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119ac09b422155722022-02-14 08:45:04.736root 11241100x80000000000000001745598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da51605189b0233e2022-02-14 08:45:04.736root 11241100x80000000000000001745599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585c7e81a83688422022-02-14 08:45:04.736root 11241100x80000000000000001745600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68aa442d3ccfc2222022-02-14 08:45:04.736root 11241100x80000000000000001745601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa41f48a54652e362022-02-14 08:45:04.736root 11241100x80000000000000001745602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1152a29765c34d52022-02-14 08:45:04.736root 11241100x80000000000000001745603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad12cdcca1e12012022-02-14 08:45:04.736root 11241100x80000000000000001745604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.737{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3cbe3fdec58a762022-02-14 08:45:04.737root 11241100x80000000000000001745605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.737{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b282ff2ed5098e262022-02-14 08:45:04.737root 11241100x80000000000000001745606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661d08e96130fbd32022-02-14 08:45:04.738root 11241100x80000000000000001745607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaec9129aee9f522022-02-14 08:45:04.738root 11241100x80000000000000001745608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e9a7723d5394e02022-02-14 08:45:04.738root 11241100x80000000000000001745609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a9f32e3d7842172022-02-14 08:45:04.738root 11241100x80000000000000001745610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a22eb2a9000b872022-02-14 08:45:04.738root 11241100x80000000000000001745611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72189e92066120e72022-02-14 08:45:04.738root 11241100x80000000000000001745612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc9a2bbb41c33342022-02-14 08:45:04.738root 11241100x80000000000000001745613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbf8b6fcd4e51432022-02-14 08:45:04.739root 11241100x80000000000000001745614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83193d059cb397c22022-02-14 08:45:04.739root 11241100x80000000000000001745615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d96d0b562e1cbe62022-02-14 08:45:04.739root 11241100x80000000000000001745616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3df61af67b9426d2022-02-14 08:45:04.739root 11241100x80000000000000001745617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20ebb38de8b5d312022-02-14 08:45:04.739root 11241100x80000000000000001745618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db48da904d8030b42022-02-14 08:45:04.739root 11241100x80000000000000001745619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8564bd75283093c2022-02-14 08:45:04.739root 11241100x80000000000000001745620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf79da3454c1fc72022-02-14 08:45:04.739root 11241100x80000000000000001745621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874db80523b1ab102022-02-14 08:45:04.740root 11241100x80000000000000001745622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d359f61f8699cf42022-02-14 08:45:04.740root 11241100x80000000000000001745623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30d8a512c0513652022-02-14 08:45:04.740root 11241100x80000000000000001745624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b31f5cff5a6e4a2022-02-14 08:45:04.740root 11241100x80000000000000001745625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c7bd3e6057e39f2022-02-14 08:45:04.740root 11241100x80000000000000001745626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1287a5729cc3b982022-02-14 08:45:04.740root 11241100x80000000000000001745627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de337d994d266efa2022-02-14 08:45:04.740root 11241100x80000000000000001745628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6196cf982fabc19e2022-02-14 08:45:04.741root 11241100x80000000000000001745629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c86000a8c99ec0f2022-02-14 08:45:04.741root 11241100x80000000000000001745630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c8e95968a3947e2022-02-14 08:45:04.741root 11241100x80000000000000001745631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf56ac42290e9d52022-02-14 08:45:04.741root 11241100x80000000000000001745632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0163388a19cdae9d2022-02-14 08:45:04.741root 11241100x80000000000000001745633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7896965a0d7d07b82022-02-14 08:45:04.741root 11241100x80000000000000001745634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1282bd1910cdd52022-02-14 08:45:04.741root 11241100x80000000000000001745635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2f074263e5ffca2022-02-14 08:45:04.742root 11241100x80000000000000001745636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7abc965fb4f7b42022-02-14 08:45:04.742root 11241100x80000000000000001745637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ef57252c4bc7fc2022-02-14 08:45:04.742root 11241100x80000000000000001745638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0810669e6e11d59f2022-02-14 08:45:04.742root 11241100x80000000000000001745639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57f40b68744ee672022-02-14 08:45:04.742root 11241100x80000000000000001745640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.744{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a65fd8979e15e82022-02-14 08:45:04.744root 11241100x80000000000000001745641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.744{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c375490176eee9c2022-02-14 08:45:04.744root 11241100x80000000000000001745642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.744{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bc358631e31ddd2022-02-14 08:45:04.744root 11241100x80000000000000001745643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.744{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8add9bdc5e3947a82022-02-14 08:45:04.744root 11241100x80000000000000001745644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.744{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcc1019a629b2752022-02-14 08:45:04.744root 11241100x80000000000000001745645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.744{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7ed8488cbffc312022-02-14 08:45:04.744root 11241100x80000000000000001745646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066e7bf52c5b9bbb2022-02-14 08:45:04.745root 11241100x80000000000000001745647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91f4c64d81407b82022-02-14 08:45:04.745root 11241100x80000000000000001745648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cbc183be9bd71d2022-02-14 08:45:04.745root 11241100x80000000000000001745649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eca643ec9fe64e82022-02-14 08:45:04.745root 11241100x80000000000000001745650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f028f1c06003fc62022-02-14 08:45:04.745root 11241100x80000000000000001745651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e6d880442068cf2022-02-14 08:45:04.745root 11241100x80000000000000001745652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36621d71602fc2512022-02-14 08:45:04.745root 11241100x80000000000000001745653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3ffd2796abec132022-02-14 08:45:04.746root 11241100x80000000000000001745654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66abe5dfab42029e2022-02-14 08:45:04.746root 11241100x80000000000000001745655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67e0c3119ee5c3a2022-02-14 08:45:04.746root 11241100x80000000000000001745656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b5dec2fca06ef42022-02-14 08:45:04.746root 11241100x80000000000000001745657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acfe12f76b9d55d2022-02-14 08:45:04.746root 11241100x80000000000000001745658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda8947b8b344c432022-02-14 08:45:04.746root 11241100x80000000000000001745659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cff6f4fdd04e492022-02-14 08:45:04.747root 11241100x80000000000000001745660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d785a8c642b54b652022-02-14 08:45:04.747root 11241100x80000000000000001745661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e120d0033732a02022-02-14 08:45:04.747root 11241100x80000000000000001745662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fbae37862547bc2022-02-14 08:45:04.747root 11241100x80000000000000001745663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405fdc33026071dc2022-02-14 08:45:04.747root 11241100x80000000000000001745664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f44353f73c340bb2022-02-14 08:45:04.747root 11241100x80000000000000001745665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ea116cbdf4d46f2022-02-14 08:45:04.747root 11241100x80000000000000001745666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56819d90e18ccd92022-02-14 08:45:04.748root 11241100x80000000000000001745667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89113b7c7dbe9a412022-02-14 08:45:04.748root 11241100x80000000000000001745668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a9dd07dd441f172022-02-14 08:45:04.748root 11241100x80000000000000001745669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f877e6e21609782022-02-14 08:45:04.748root 11241100x80000000000000001745670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae680504d32af7852022-02-14 08:45:04.748root 11241100x80000000000000001745671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9537c05d8af4e452022-02-14 08:45:04.748root 11241100x80000000000000001745672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d5b225f6d9bbd42022-02-14 08:45:04.748root 11241100x80000000000000001745673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86cce71aa26f06c2022-02-14 08:45:04.749root 11241100x80000000000000001745674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db84abff102f3a42022-02-14 08:45:04.749root 11241100x80000000000000001745675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd984ef234bb4942022-02-14 08:45:04.749root 11241100x80000000000000001745676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7daa99cb754f7002022-02-14 08:45:04.749root 154100x80000000000000001745677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.792{ec2ab09f-1690-620a-6842-504176550000}1932/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-a036-7b0000000000}1930/usr/bin/python3.6/usr/bin/python3root 154100x80000000000000001745678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.792{ec2ab09f-1690-620a-b0ff-d2c4067f0000}1932/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-a036-7b0000000000}1930/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000001745679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.794{ec2ab09f-1690-620a-b0ff-d2c4067f0000}1932/sbin/ldconfig.realroot 534500x80000000000000001745680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:04.998{00000000-0000-0000-0000-000000000000}1933<unknown process>root 11241100x80000000000000001745681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.000{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0522c9f17300a3d2022-02-14 08:45:05.000root 11241100x80000000000000001745682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.000{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d92b6607fd8bcc2022-02-14 08:45:05.000root 11241100x80000000000000001745683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.000{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994be898f03d87ca2022-02-14 08:45:05.000root 11241100x80000000000000001745684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.000{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049c62c89dfcd62c2022-02-14 08:45:05.000root 11241100x80000000000000001745685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.000{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b30d8e174318a22022-02-14 08:45:05.000root 11241100x80000000000000001745686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.000{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5f5bd1cac7ef862022-02-14 08:45:05.000root 11241100x80000000000000001745687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.000{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d681db27a87aa4ec2022-02-14 08:45:05.000root 11241100x80000000000000001745688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.000{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6748c4e104bd2102022-02-14 08:45:05.000root 11241100x80000000000000001745689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.000{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ce43ffe656f9ae2022-02-14 08:45:05.000root 11241100x80000000000000001745690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.000{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a72e8f215d20a52022-02-14 08:45:05.000root 11241100x80000000000000001745691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.001{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153ca6dc7fd7d6eb2022-02-14 08:45:05.001root 11241100x80000000000000001745692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.002{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db11c4ea6b376db2022-02-14 08:45:05.002root 11241100x80000000000000001745693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.002{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bee08cab9717d62022-02-14 08:45:05.002root 11241100x80000000000000001745694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.002{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d5514f2d16921c2022-02-14 08:45:05.002root 11241100x80000000000000001745695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.002{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b158cce982c0392022-02-14 08:45:05.002root 11241100x80000000000000001745696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.003{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c277c2643abbdf2022-02-14 08:45:05.003root 11241100x80000000000000001745697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.003{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e9e0b9cb07f2642022-02-14 08:45:05.003root 11241100x80000000000000001745698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.003{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eead61e95dfc6e1f2022-02-14 08:45:05.003root 11241100x80000000000000001745699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.003{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80379d6dc22cc642022-02-14 08:45:05.003root 11241100x80000000000000001745700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.003{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a288c0e75cb3b612022-02-14 08:45:05.003root 11241100x80000000000000001745701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.003{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75388e241e2a72f62022-02-14 08:45:05.003root 11241100x80000000000000001745702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.003{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ab17da42d54d572022-02-14 08:45:05.003root 11241100x80000000000000001745703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.003{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b257dce893e2b9cf2022-02-14 08:45:05.003root 11241100x80000000000000001745704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.003{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b2aafdf3eb86a92022-02-14 08:45:05.003root 11241100x80000000000000001745705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.003{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fec161b29c25492022-02-14 08:45:05.003root 11241100x80000000000000001745706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.004{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b133d15f948072662022-02-14 08:45:05.004root 11241100x80000000000000001745707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.004{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab463694eafe7522022-02-14 08:45:05.004root 11241100x80000000000000001745708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.004{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf08088be3a4cc082022-02-14 08:45:05.004root 11241100x80000000000000001745709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.004{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894675c94a0a36e32022-02-14 08:45:05.004root 11241100x80000000000000001745710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.004{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b616d7038bcf7b2022-02-14 08:45:05.004root 11241100x80000000000000001745711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.007{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388ff761e83600fa2022-02-14 08:45:05.007root 11241100x80000000000000001745712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.007{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8231a2294f3fd3dc2022-02-14 08:45:05.007root 11241100x80000000000000001745713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.007{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf720e5782ea5a92022-02-14 08:45:05.007root 11241100x80000000000000001745714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.007{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7647f1ac7997702c2022-02-14 08:45:05.007root 11241100x80000000000000001745715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.007{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab33e407b85fba92022-02-14 08:45:05.007root 11241100x80000000000000001745716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.007{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d7a8a9430fea602022-02-14 08:45:05.007root 11241100x80000000000000001745717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.007{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50327fc5b040483d2022-02-14 08:45:05.007root 11241100x80000000000000001745718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.008{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b395cb568362082022-02-14 08:45:05.008root 11241100x80000000000000001745719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.010{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e852870eeea84392022-02-14 08:45:05.010root 11241100x80000000000000001745720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.010{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76bcb85966a1b4d2022-02-14 08:45:05.010root 11241100x80000000000000001745721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42647e2a60d30bd2022-02-14 08:45:05.011root 11241100x80000000000000001745722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e382894f7caadc6c2022-02-14 08:45:05.011root 11241100x80000000000000001745723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621ddb042b7bc27a2022-02-14 08:45:05.011root 11241100x80000000000000001745724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9868ff0af2af78a2022-02-14 08:45:05.011root 11241100x80000000000000001745725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.012{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d900e125efc3d72022-02-14 08:45:05.012root 11241100x80000000000000001745726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.014{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62252d83a931ea52022-02-14 08:45:05.014root 11241100x80000000000000001745727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.015{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f763e2ee5e94819b2022-02-14 08:45:05.015root 11241100x80000000000000001745728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.015{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839dcb1569518aa02022-02-14 08:45:05.015root 11241100x80000000000000001745729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.015{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0dcf54434b5c2922022-02-14 08:45:05.015root 11241100x80000000000000001745730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.015{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f94eb6d44c2f8a2022-02-14 08:45:05.015root 11241100x80000000000000001745731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.015{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1912a91c9a5b0dd2022-02-14 08:45:05.015root 11241100x80000000000000001745732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.018{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56181e67e76f6e492022-02-14 08:45:05.018root 11241100x80000000000000001745733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.018{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eee957f28c74afd2022-02-14 08:45:05.018root 11241100x80000000000000001745734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.018{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd286526184eff62022-02-14 08:45:05.018root 11241100x80000000000000001745735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.019{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2593ff416ff1d62022-02-14 08:45:05.019root 11241100x80000000000000001745736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.020{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9a6ae1507db6882022-02-14 08:45:05.020root 11241100x80000000000000001745737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.020{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e8acd782d93b612022-02-14 08:45:05.020root 11241100x80000000000000001745738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.020{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc40fb55539d6cc2022-02-14 08:45:05.020root 11241100x80000000000000001745739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.022{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bd3ab9719ec3842022-02-14 08:45:05.022root 11241100x80000000000000001745740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.022{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0318e26ddacfa7702022-02-14 08:45:05.022root 11241100x80000000000000001745741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.022{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e5a145ec1906be2022-02-14 08:45:05.022root 11241100x80000000000000001745742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.022{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2235082e6dd126dd2022-02-14 08:45:05.022root 11241100x80000000000000001745743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.023{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaa97b74bf8d9fc2022-02-14 08:45:05.023root 11241100x80000000000000001745744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.023{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fe8840478697592022-02-14 08:45:05.023root 11241100x80000000000000001745745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.023{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7df4ef68f2f4512022-02-14 08:45:05.023root 11241100x80000000000000001745746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.023{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c545fa84c237f32f2022-02-14 08:45:05.023root 11241100x80000000000000001745747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.023{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e044645c22a01be22022-02-14 08:45:05.023root 11241100x80000000000000001745748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.023{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34631ecad75cbed42022-02-14 08:45:05.023root 11241100x80000000000000001745749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.023{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c41b3afc9887a52022-02-14 08:45:05.023root 11241100x80000000000000001745750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.023{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a666e0f7df5666c22022-02-14 08:45:05.023root 11241100x80000000000000001745751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.023{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1017d76d4710bc7b2022-02-14 08:45:05.023root 11241100x80000000000000001745752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.023{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540dbae6f6b656582022-02-14 08:45:05.023root 11241100x80000000000000001745753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.023{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f03cc12e4a2a8c42022-02-14 08:45:05.023root 11241100x80000000000000001745754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.023{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef23deb58425c4d2022-02-14 08:45:05.023root 11241100x80000000000000001745755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.024{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc3780e64efffe72022-02-14 08:45:05.024root 11241100x80000000000000001745756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.025{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6e720ff74e40f02022-02-14 08:45:05.025root 11241100x80000000000000001745757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.026{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd89105c5103777e2022-02-14 08:45:05.026root 11241100x80000000000000001745758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.027{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0e7aadba7136ab2022-02-14 08:45:05.027root 11241100x80000000000000001745759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.027{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9664aeb48b55492022-02-14 08:45:05.027root 11241100x80000000000000001745760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.027{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebba130ecdc52f7c2022-02-14 08:45:05.027root 11241100x80000000000000001745761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.027{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c695670ba3fbdd5d2022-02-14 08:45:05.027root 11241100x80000000000000001745762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.027{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef060c486fa88ac22022-02-14 08:45:05.027root 11241100x80000000000000001745763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.027{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5476885409aecf52022-02-14 08:45:05.027root 11241100x80000000000000001745764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.027{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bceb17474f3ff292022-02-14 08:45:05.027root 11241100x80000000000000001745765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.027{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0254ab8c1b4af12022-02-14 08:45:05.027root 11241100x80000000000000001745766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.027{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86185e024870001e2022-02-14 08:45:05.027root 11241100x80000000000000001745767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.028{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa54466d211f3dc42022-02-14 08:45:05.028root 11241100x80000000000000001745768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.028{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fcb57a76fc27742022-02-14 08:45:05.028root 11241100x80000000000000001745769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.028{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aee779d6e536b6d2022-02-14 08:45:05.028root 11241100x80000000000000001745770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.028{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a641f090d3273b4c2022-02-14 08:45:05.028root 11241100x80000000000000001745771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.028{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d356ce486add442022-02-14 08:45:05.028root 11241100x80000000000000001745772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.028{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affc7356eae9b3c72022-02-14 08:45:05.028root 11241100x80000000000000001745773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.028{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85e05e29c5d30462022-02-14 08:45:05.028root 11241100x80000000000000001745774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.028{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fbb98cf5dc8a712022-02-14 08:45:05.028root 11241100x80000000000000001745775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.029{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd2f583b19144102022-02-14 08:45:05.029root 11241100x80000000000000001745776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.029{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909ecaa44d21ecc62022-02-14 08:45:05.029root 11241100x80000000000000001745777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.029{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c0de378342167d2022-02-14 08:45:05.029root 11241100x80000000000000001745778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.029{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0018e336846ab8202022-02-14 08:45:05.029root 11241100x80000000000000001745779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.029{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cef3a2e46ec9612022-02-14 08:45:05.029root 11241100x80000000000000001745780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.029{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393c0569717c80f42022-02-14 08:45:05.029root 11241100x80000000000000001745781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.029{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdf9e99b85d92432022-02-14 08:45:05.029root 11241100x80000000000000001745782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.029{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b4c5ead76ccdc32022-02-14 08:45:05.029root 11241100x80000000000000001745783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.029{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a0ad998c24af762022-02-14 08:45:05.029root 11241100x80000000000000001745784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.029{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703c277bbb84c6242022-02-14 08:45:05.029root 11241100x80000000000000001745785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.029{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3769aa710ef82b812022-02-14 08:45:05.029root 11241100x80000000000000001745786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.034{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15b1b46c41625ec2022-02-14 08:45:05.034root 11241100x80000000000000001745787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.034{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a97f43c4865996a2022-02-14 08:45:05.034root 11241100x80000000000000001745788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.034{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70de925c5716077e2022-02-14 08:45:05.034root 11241100x80000000000000001745789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.034{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1290b18363255662022-02-14 08:45:05.034root 11241100x80000000000000001745790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.035{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668a37ed27fd79fd2022-02-14 08:45:05.035root 11241100x80000000000000001745791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.035{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac1c10e1a350d682022-02-14 08:45:05.035root 11241100x80000000000000001745792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.035{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc67170c6af9267f2022-02-14 08:45:05.035root 11241100x80000000000000001745793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.035{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9173fb29fe0d192022-02-14 08:45:05.035root 11241100x80000000000000001745794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.035{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7d6474f538ab762022-02-14 08:45:05.035root 11241100x80000000000000001745795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.035{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d51309020992a02022-02-14 08:45:05.035root 11241100x80000000000000001745796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.035{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bfc8d271af30692022-02-14 08:45:05.035root 11241100x80000000000000001745797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.035{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b31cf52689440bd2022-02-14 08:45:05.035root 11241100x80000000000000001745798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.035{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6106182a14b3695a2022-02-14 08:45:05.035root 11241100x80000000000000001745799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.035{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a061f405c58e3522022-02-14 08:45:05.035root 11241100x80000000000000001745800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.035{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb7567398e0c6e62022-02-14 08:45:05.035root 11241100x80000000000000001745801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.035{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a83e31ace604bf2022-02-14 08:45:05.035root 11241100x80000000000000001745802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.035{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d123a6714fe329592022-02-14 08:45:05.035root 11241100x80000000000000001745803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.035{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ea0dff1071cdd52022-02-14 08:45:05.035root 11241100x80000000000000001745804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.035{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342b1321d130973d2022-02-14 08:45:05.035root 11241100x80000000000000001745805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.035{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae4827228a087f82022-02-14 08:45:05.035root 11241100x80000000000000001745806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.036{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4220391312913ecf2022-02-14 08:45:05.036root 11241100x80000000000000001745807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.038{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e62538f4098769f2022-02-14 08:45:05.038root 11241100x80000000000000001745808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.038{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3430d602cd3155d32022-02-14 08:45:05.038root 11241100x80000000000000001745809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.038{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fc783fddc4c35c2022-02-14 08:45:05.038root 11241100x80000000000000001745810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e6828d5c875e7c2022-02-14 08:45:05.040root 11241100x80000000000000001745811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6cf5a81599b3f42022-02-14 08:45:05.040root 11241100x80000000000000001745812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ba91f96281fc002022-02-14 08:45:05.040root 11241100x80000000000000001745813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777b32e2202fa7ec2022-02-14 08:45:05.040root 11241100x80000000000000001745814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63ab3cf5ba838022022-02-14 08:45:05.040root 11241100x80000000000000001745815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7956793e61f3130e2022-02-14 08:45:05.040root 11241100x80000000000000001745816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463a3c11ed038ed12022-02-14 08:45:05.040root 11241100x80000000000000001745817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490281d24cf09c292022-02-14 08:45:05.040root 11241100x80000000000000001745818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9bbb92f2df47342022-02-14 08:45:05.040root 11241100x80000000000000001745819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef6b50e3921093d2022-02-14 08:45:05.040root 11241100x80000000000000001745820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b3249fbafd1b982022-02-14 08:45:05.040root 11241100x80000000000000001745821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d38db3bcfd7319b2022-02-14 08:45:05.040root 11241100x80000000000000001745822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbb92f9ebfd77072022-02-14 08:45:05.040root 11241100x80000000000000001745823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcb1e0cd7d180a92022-02-14 08:45:05.041root 11241100x80000000000000001745824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddc9192737487292022-02-14 08:45:05.041root 11241100x80000000000000001745825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a6724a467ed1582022-02-14 08:45:05.041root 11241100x80000000000000001745826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7a2543aeced7b02022-02-14 08:45:05.041root 11241100x80000000000000001745827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9a98ca8c3336dc2022-02-14 08:45:05.041root 11241100x80000000000000001745828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867aedc71ffdfd002022-02-14 08:45:05.041root 11241100x80000000000000001745829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bea4c2a9d5311112022-02-14 08:45:05.041root 11241100x80000000000000001745830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3ec2587ab5e16b2022-02-14 08:45:05.041root 11241100x80000000000000001745831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2262a61a614e97ca2022-02-14 08:45:05.041root 11241100x80000000000000001745832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f311028cb447ff9d2022-02-14 08:45:05.041root 11241100x80000000000000001745833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9c6662ec32970f2022-02-14 08:45:05.041root 11241100x80000000000000001745834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d190b8cfd5fe6fd52022-02-14 08:45:05.041root 11241100x80000000000000001745835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3eed76f62412d282022-02-14 08:45:05.041root 11241100x80000000000000001745836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.042{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966604dffd9e1c732022-02-14 08:45:05.042root 11241100x80000000000000001745837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.042{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a83d268b6de18f72022-02-14 08:45:05.042root 11241100x80000000000000001745838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.042{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f53eebdba43d23b2022-02-14 08:45:05.042root 11241100x80000000000000001745839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.042{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38a3637902e7ca92022-02-14 08:45:05.042root 11241100x80000000000000001745840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f375504b57bafed2022-02-14 08:45:05.043root 11241100x80000000000000001745841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02aa7f8375968c02022-02-14 08:45:05.043root 11241100x80000000000000001745842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb270af23f554d5e2022-02-14 08:45:05.043root 11241100x80000000000000001745843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda47b0a0d23c38f2022-02-14 08:45:05.043root 11241100x80000000000000001745844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dd4c349d235e9e2022-02-14 08:45:05.043root 154100x80000000000000001745845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.031{ec2ab09f-1691-620a-f0b3-087171550000}1934/usr/bin/who-----who -q/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-a036-7b0000000000}1930/usr/bin/python3.6/usr/bin/python3root 11241100x80000000000000001745846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d7e8d217aa61c12022-02-14 08:45:05.043root 11241100x80000000000000001745847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b61c8350433d2722022-02-14 08:45:05.043root 11241100x80000000000000001745848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fca9101a0609702022-02-14 08:45:05.043root 11241100x80000000000000001745849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696121c401e98e4b2022-02-14 08:45:05.043root 11241100x80000000000000001745850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46efde1ac637e6732022-02-14 08:45:05.043root 11241100x80000000000000001745851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec4c836d65bb8282022-02-14 08:45:05.043root 11241100x80000000000000001745852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832de9e70e6145e72022-02-14 08:45:05.043root 534500x80000000000000001745853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.044{ec2ab09f-1691-620a-f0b3-087171550000}1934/usr/bin/whoroot 11241100x80000000000000001745854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.045{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfa951a6bb1cf9f2022-02-14 08:45:05.045root 11241100x80000000000000001745855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a38b4a930994882022-02-14 08:45:05.046root 11241100x80000000000000001745856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7dacbb9c41cad92022-02-14 08:45:05.046root 11241100x80000000000000001745857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e9c8f9359960572022-02-14 08:45:05.046root 11241100x80000000000000001745858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc2dfb3595fafc62022-02-14 08:45:05.046root 11241100x80000000000000001745859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172ca0086179e4152022-02-14 08:45:05.046root 11241100x80000000000000001745860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6a19e546a5c8462022-02-14 08:45:05.046root 11241100x80000000000000001745861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1782123aab028c82022-02-14 08:45:05.046root 11241100x80000000000000001745862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b10e653734369ec2022-02-14 08:45:05.046root 11241100x80000000000000001745863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2016a0b721df882022-02-14 08:45:05.046root 11241100x80000000000000001745864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.047{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddbb1f78b8492942022-02-14 08:45:05.047root 11241100x80000000000000001745865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.047{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c4af4febdf0d6e2022-02-14 08:45:05.047root 11241100x80000000000000001745866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.047{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb080d8558aa02d2022-02-14 08:45:05.047root 11241100x80000000000000001745867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.047{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cea2f4e7d192d82022-02-14 08:45:05.047root 11241100x80000000000000001745868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.047{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854d5c952b958ef92022-02-14 08:45:05.047root 11241100x80000000000000001745869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.047{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a4db73316217fa2022-02-14 08:45:05.047root 11241100x80000000000000001745870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.047{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa24fb23403218a82022-02-14 08:45:05.047root 11241100x80000000000000001745871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.047{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a06002cec311a942022-02-14 08:45:05.047root 11241100x80000000000000001745872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.047{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a3d4105b113d402022-02-14 08:45:05.047root 11241100x80000000000000001745873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.047{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68affc4f2ae782762022-02-14 08:45:05.047root 11241100x80000000000000001745874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.047{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bf7e23975d7b272022-02-14 08:45:05.047root 11241100x80000000000000001745875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.047{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9125a435f67ae92022-02-14 08:45:05.047root 11241100x80000000000000001745876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.047{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d195f850765231222022-02-14 08:45:05.047root 11241100x80000000000000001745877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.047{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16164fddef927c62022-02-14 08:45:05.047root 11241100x80000000000000001745878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.047{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec81be48a77eff8e2022-02-14 08:45:05.047root 11241100x80000000000000001745879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.048{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d92ead389295762022-02-14 08:45:05.048root 11241100x80000000000000001745880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.048{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c73bbf55c93dcee2022-02-14 08:45:05.048root 11241100x80000000000000001745881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.048{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03d453518419de02022-02-14 08:45:05.048root 11241100x80000000000000001745882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.048{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce846975a83b30e2022-02-14 08:45:05.048root 11241100x80000000000000001745883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.048{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f181160c53341c12022-02-14 08:45:05.048root 11241100x80000000000000001745884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.049{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e3969f31573e1f2022-02-14 08:45:05.049root 11241100x80000000000000001745885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.049{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8452680be03f06e2022-02-14 08:45:05.049root 11241100x80000000000000001745886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.049{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6b4eb3cd9597432022-02-14 08:45:05.049root 11241100x80000000000000001745887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.049{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d28f2a69af55a5a2022-02-14 08:45:05.049root 11241100x80000000000000001745888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.049{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf03db9c5dba1a02022-02-14 08:45:05.049root 11241100x80000000000000001745889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.049{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce98d17eb029c24d2022-02-14 08:45:05.049root 11241100x80000000000000001745890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.049{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0842a33a52693baf2022-02-14 08:45:05.049root 11241100x80000000000000001745891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.049{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890bd10112c21a8d2022-02-14 08:45:05.049root 11241100x80000000000000001745892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.049{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58cc0453fbad0a62022-02-14 08:45:05.049root 11241100x80000000000000001745893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.050{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9c70eaefd13bf12022-02-14 08:45:05.050root 11241100x80000000000000001745894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.050{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8085959896c280d92022-02-14 08:45:05.050root 11241100x80000000000000001745895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.050{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257ab26e149b99e02022-02-14 08:45:05.050root 11241100x80000000000000001745896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.050{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4007235a2ae4cc2022-02-14 08:45:05.050root 11241100x80000000000000001745897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.050{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6a14a3cf83be902022-02-14 08:45:05.050root 11241100x80000000000000001745898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.050{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14f9ccd6a0764982022-02-14 08:45:05.050root 11241100x80000000000000001745899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.050{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd404fef1cbc45f22022-02-14 08:45:05.050root 11241100x80000000000000001745900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.050{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4862444678f74a2022-02-14 08:45:05.050root 11241100x80000000000000001745901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.050{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91342c9bdedfd5582022-02-14 08:45:05.050root 11241100x80000000000000001745902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.050{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cf88fbdd3eba592022-02-14 08:45:05.050root 11241100x80000000000000001745903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.050{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc80bcc7206048432022-02-14 08:45:05.050root 11241100x80000000000000001745904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.050{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc3f16d21a370cc2022-02-14 08:45:05.050root 11241100x80000000000000001745905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.050{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7901ba6d8c94b622022-02-14 08:45:05.050root 11241100x80000000000000001745906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.050{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34e205093dc32302022-02-14 08:45:05.050root 11241100x80000000000000001745907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.050{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead5036189bb06852022-02-14 08:45:05.050root 11241100x80000000000000001745908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.051{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8115edf364ec63f22022-02-14 08:45:05.051root 11241100x80000000000000001745909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.051{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c707ba4016b5e0772022-02-14 08:45:05.051root 11241100x80000000000000001745910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.051{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e92976bb8f9b1e42022-02-14 08:45:05.051root 11241100x80000000000000001745911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.051{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d634dbbd9815902f2022-02-14 08:45:05.051root 11241100x80000000000000001745912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.051{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3deadeb6bc0972a2022-02-14 08:45:05.051root 11241100x80000000000000001745913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.051{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa1959c6930d40d2022-02-14 08:45:05.051root 11241100x80000000000000001745914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.051{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44898c400a22aeeb2022-02-14 08:45:05.051root 11241100x80000000000000001745915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.051{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b6a752fe6b1b652022-02-14 08:45:05.051root 11241100x80000000000000001745916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.052{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca96b29f57ea32d12022-02-14 08:45:05.052root 11241100x80000000000000001745917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.052{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f99d0723095689d2022-02-14 08:45:05.052root 11241100x80000000000000001745918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.052{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e9ff2c7be3376a2022-02-14 08:45:05.052root 11241100x80000000000000001745919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.057{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b014ce29dc851c682022-02-14 08:45:05.057root 11241100x80000000000000001745920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.058{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab5d30a7aad53f42022-02-14 08:45:05.058root 11241100x80000000000000001745921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.058{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77926d210b42a38a2022-02-14 08:45:05.058root 11241100x80000000000000001745922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.059{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1af6c41944fb7512022-02-14 08:45:05.059root 11241100x80000000000000001745923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.059{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463d619d034a624f2022-02-14 08:45:05.059root 11241100x80000000000000001745924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.059{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1eaaa514b572552022-02-14 08:45:05.059root 11241100x80000000000000001745925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.059{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948ad8b0a9353c582022-02-14 08:45:05.059root 11241100x80000000000000001745926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.059{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b0419177c06cb22022-02-14 08:45:05.059root 11241100x80000000000000001745927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.059{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f3120b4db821d22022-02-14 08:45:05.059root 11241100x80000000000000001745928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.059{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f323349ed037b82022-02-14 08:45:05.059root 11241100x80000000000000001745929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.060{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1b080b3140dfa52022-02-14 08:45:05.060root 11241100x80000000000000001745930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.060{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ef3fe90077d78e2022-02-14 08:45:05.060root 11241100x80000000000000001745931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.060{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9b9cf38e35fbc02022-02-14 08:45:05.060root 11241100x80000000000000001745932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.060{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a68fa35c17e4d7b2022-02-14 08:45:05.060root 11241100x80000000000000001745933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.060{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f548c63cbd3468a2022-02-14 08:45:05.060root 11241100x80000000000000001745934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.060{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8af9a6cb772ddf2022-02-14 08:45:05.060root 11241100x80000000000000001745935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.060{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13590a3ac274f6ef2022-02-14 08:45:05.060root 11241100x80000000000000001745936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.061{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7c5924176bd4e82022-02-14 08:45:05.061root 11241100x80000000000000001745937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.061{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df68064668960232022-02-14 08:45:05.061root 11241100x80000000000000001745938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.061{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5ed60192c751122022-02-14 08:45:05.061root 11241100x80000000000000001745939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.061{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f934a4ff0429af832022-02-14 08:45:05.061root 11241100x80000000000000001745940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.061{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a9b66a77af89922022-02-14 08:45:05.061root 11241100x80000000000000001745941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.061{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a19163383164d02022-02-14 08:45:05.061root 11241100x80000000000000001745942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.061{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a4c249d345f4942022-02-14 08:45:05.061root 11241100x80000000000000001745943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.061{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d70d31aada63b9e2022-02-14 08:45:05.061root 11241100x80000000000000001745944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.062{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb086f44bf511f82022-02-14 08:45:05.062root 11241100x80000000000000001745945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.062{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609bbd45ef40d3462022-02-14 08:45:05.062root 11241100x80000000000000001745946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.062{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7231798bf9a87122022-02-14 08:45:05.062root 11241100x80000000000000001745947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.062{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a02ad4bbe93f472022-02-14 08:45:05.062root 11241100x80000000000000001745948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.062{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405e3e0a8e7ddd032022-02-14 08:45:05.062root 11241100x80000000000000001745949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.062{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dabd4b71bb837b92022-02-14 08:45:05.062root 11241100x80000000000000001745950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.062{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c345b6d9f3faf582022-02-14 08:45:05.062root 11241100x80000000000000001745951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.063{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ec3bd81ed55a852022-02-14 08:45:05.063root 11241100x80000000000000001745952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.063{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782744f2b400bd7c2022-02-14 08:45:05.063root 11241100x80000000000000001745953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.063{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41f838c5e746cf12022-02-14 08:45:05.063root 11241100x80000000000000001745954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.063{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf4017456ad377f2022-02-14 08:45:05.063root 11241100x80000000000000001745955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.063{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e43557abf2a6572022-02-14 08:45:05.063root 11241100x80000000000000001745956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.063{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804da7f09a1375b32022-02-14 08:45:05.063root 11241100x80000000000000001745957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.063{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e437650487bdab2022-02-14 08:45:05.063root 11241100x80000000000000001745958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.064{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbb998442ed3aa42022-02-14 08:45:05.064root 11241100x80000000000000001745959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.064{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009d116ca3a1cfd02022-02-14 08:45:05.064root 11241100x80000000000000001745960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.064{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa91bd5d725d187a2022-02-14 08:45:05.064root 11241100x80000000000000001745961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.064{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69617287664c7ad62022-02-14 08:45:05.064root 11241100x80000000000000001745962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.064{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b4aba7077b730b2022-02-14 08:45:05.064root 11241100x80000000000000001745963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.064{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9642f2987230b04b2022-02-14 08:45:05.064root 11241100x80000000000000001745964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.064{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a386a07b2800772022-02-14 08:45:05.064root 11241100x80000000000000001745965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.064{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3d1500e322f1c02022-02-14 08:45:05.064root 11241100x80000000000000001745966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3299e1ecd7ade99f2022-02-14 08:45:05.065root 11241100x80000000000000001745967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed01cfafbd5779ab2022-02-14 08:45:05.065root 11241100x80000000000000001745968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565e38300af4dfa22022-02-14 08:45:05.065root 11241100x80000000000000001745969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509b7d23d9e43f792022-02-14 08:45:05.065root 11241100x80000000000000001745970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af18dd78b364d6172022-02-14 08:45:05.065root 11241100x80000000000000001745971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d2025a54354d612022-02-14 08:45:05.065root 11241100x80000000000000001745972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.065{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff9ef84d60a9ef72022-02-14 08:45:05.065root 11241100x80000000000000001745973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.066{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d3ccef144118e92022-02-14 08:45:05.066root 11241100x80000000000000001745974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.066{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97d292b800764ce2022-02-14 08:45:05.066root 11241100x80000000000000001745975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.066{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10672374575ac842022-02-14 08:45:05.066root 11241100x80000000000000001745976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.066{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b61d1e608e6ab3a2022-02-14 08:45:05.066root 11241100x80000000000000001745977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.066{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de47fc2d41533d722022-02-14 08:45:05.066root 11241100x80000000000000001745978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.066{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ea8a94a8bc266d2022-02-14 08:45:05.066root 11241100x80000000000000001745979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.067{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace0b729f7cf9d4c2022-02-14 08:45:05.067root 11241100x80000000000000001745980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.067{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf00cee8a2766b862022-02-14 08:45:05.067root 11241100x80000000000000001745981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.067{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed148ecdeee63182022-02-14 08:45:05.067root 11241100x80000000000000001745982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.067{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d178ec072f4533012022-02-14 08:45:05.067root 11241100x80000000000000001745983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.067{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9fb8e0739f00312022-02-14 08:45:05.067root 11241100x80000000000000001745984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.067{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d168e2eacc74c482022-02-14 08:45:05.067root 11241100x80000000000000001745985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.068{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb95e3a58fe1fc72022-02-14 08:45:05.068root 11241100x80000000000000001745986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.069{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23e85e1e49991c12022-02-14 08:45:05.069root 11241100x80000000000000001745987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.070{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d71ca3c300bbc232022-02-14 08:45:05.070root 11241100x80000000000000001745988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.070{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf53b5eb086bf82e2022-02-14 08:45:05.070root 11241100x80000000000000001745989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.070{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbd3c1e59c48b842022-02-14 08:45:05.070root 11241100x80000000000000001745990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.071{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0c386207853f242022-02-14 08:45:05.071root 11241100x80000000000000001745991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.071{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73e060c435766ea2022-02-14 08:45:05.071root 11241100x80000000000000001745992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.071{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b582a7ead831bb2022-02-14 08:45:05.071root 11241100x80000000000000001745993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.071{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae16c9f397b498c2022-02-14 08:45:05.071root 11241100x80000000000000001745994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.071{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b21d5eff034f2932022-02-14 08:45:05.071root 11241100x80000000000000001745995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.071{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3281773c8b9d44c72022-02-14 08:45:05.071root 11241100x80000000000000001745996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.071{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7113bde424400a2022-02-14 08:45:05.071root 11241100x80000000000000001745997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.072{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46957cfa1d0bf1e82022-02-14 08:45:05.072root 11241100x80000000000000001745998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.072{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f43daed99cc9c02022-02-14 08:45:05.072root 11241100x80000000000000001745999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.072{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b574802462378d82022-02-14 08:45:05.072root 11241100x80000000000000001746000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.072{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4704fa07bf06d372022-02-14 08:45:05.072root 11241100x80000000000000001746001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.072{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d650f837cb77e22022-02-14 08:45:05.072root 11241100x80000000000000001746002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.072{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c15a56b06e79b62022-02-14 08:45:05.072root 11241100x80000000000000001746003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.073{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3ce486440dc4792022-02-14 08:45:05.073root 11241100x80000000000000001746004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.073{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163ffc886f531bea2022-02-14 08:45:05.073root 11241100x80000000000000001746005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.073{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f396380f92336e2022-02-14 08:45:05.073root 11241100x80000000000000001746006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.073{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bc85d9a1dbd48e2022-02-14 08:45:05.073root 11241100x80000000000000001746007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.073{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9247184396c0904f2022-02-14 08:45:05.073root 11241100x80000000000000001746008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.073{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d3c7acd66b5a702022-02-14 08:45:05.073root 11241100x80000000000000001746009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.074{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18346df57281d2732022-02-14 08:45:05.074root 11241100x80000000000000001746010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.074{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54309f80d98f289e2022-02-14 08:45:05.074root 11241100x80000000000000001746011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.074{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a1127b71e4334b2022-02-14 08:45:05.074root 11241100x80000000000000001746012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.074{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cf33b9ffb6357a2022-02-14 08:45:05.074root 11241100x80000000000000001746013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.074{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665cb440c08fa7552022-02-14 08:45:05.074root 11241100x80000000000000001746014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.074{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870edc5481ee03592022-02-14 08:45:05.074root 11241100x80000000000000001746015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.074{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b5c27ea6799c342022-02-14 08:45:05.074root 11241100x80000000000000001746016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.075{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41cb5d3665c67182022-02-14 08:45:05.075root 11241100x80000000000000001746017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.075{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3a57212f08742e2022-02-14 08:45:05.075root 11241100x80000000000000001746018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.075{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd16101e038e6a02022-02-14 08:45:05.075root 11241100x80000000000000001746019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.075{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4843606905fbfc2022-02-14 08:45:05.075root 11241100x80000000000000001746020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.075{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5405400371f31f62022-02-14 08:45:05.075root 11241100x80000000000000001746021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.075{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e7dbdacf4c58022022-02-14 08:45:05.075root 11241100x80000000000000001746022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.075{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af30fbb786bd4402022-02-14 08:45:05.075root 11241100x80000000000000001746023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.075{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a735142f2ddb3942022-02-14 08:45:05.075root 11241100x80000000000000001746024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.076{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0301b33ffb73bd72022-02-14 08:45:05.076root 11241100x80000000000000001746025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.076{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae8afa1a9aecb302022-02-14 08:45:05.076root 11241100x80000000000000001746026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.076{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7564b60aa8e26ab2022-02-14 08:45:05.076root 11241100x80000000000000001746027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.076{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4f0a646682a3962022-02-14 08:45:05.076root 11241100x80000000000000001746028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.076{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832a89d7074f5f662022-02-14 08:45:05.076root 11241100x80000000000000001746029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.076{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1f41fa9bb4a88d2022-02-14 08:45:05.076root 11241100x80000000000000001746030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.076{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8305f74931519e712022-02-14 08:45:05.076root 11241100x80000000000000001746031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.077{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadd92f8896d22b32022-02-14 08:45:05.077root 11241100x80000000000000001746032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.077{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e85ce8bca09a102022-02-14 08:45:05.077root 11241100x80000000000000001746033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.077{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b2a60d9c4b21022022-02-14 08:45:05.077root 11241100x80000000000000001746034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.077{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e84c6a9dd055d752022-02-14 08:45:05.077root 11241100x80000000000000001746035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.077{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da018df0e4af61f32022-02-14 08:45:05.077root 11241100x80000000000000001746036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.077{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2996fa535268e2662022-02-14 08:45:05.077root 11241100x80000000000000001746037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.077{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43c8cf2189cf8a62022-02-14 08:45:05.077root 11241100x80000000000000001746038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.077{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af057424100a41e32022-02-14 08:45:05.077root 11241100x80000000000000001746039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.078{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d6f3ea4093615a2022-02-14 08:45:05.078root 11241100x80000000000000001746040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.078{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9a7e26883935172022-02-14 08:45:05.078root 11241100x80000000000000001746041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.078{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09393e268c2cebe2022-02-14 08:45:05.078root 11241100x80000000000000001746042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.078{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dafd51c0c9cba62022-02-14 08:45:05.078root 11241100x80000000000000001746043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.078{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c07b0edf5da55c2022-02-14 08:45:05.078root 11241100x80000000000000001746044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.078{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2a446b34ae02622022-02-14 08:45:05.078root 11241100x80000000000000001746045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.078{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eda09d4d112f4342022-02-14 08:45:05.078root 11241100x80000000000000001746046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.078{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf125eeb73b76812022-02-14 08:45:05.078root 11241100x80000000000000001746047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.079{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c004d017225e97432022-02-14 08:45:05.079root 11241100x80000000000000001746048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.079{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131bda6495a029422022-02-14 08:45:05.079root 11241100x80000000000000001746049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.079{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6267ecba136e43322022-02-14 08:45:05.079root 11241100x80000000000000001746050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.079{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f711cc8d911bf4c12022-02-14 08:45:05.079root 11241100x80000000000000001746051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.079{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58f89d0c56ed3ee2022-02-14 08:45:05.079root 11241100x80000000000000001746052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.079{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5c646d6eeeb7312022-02-14 08:45:05.079root 11241100x80000000000000001746053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.079{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f386654de9745d482022-02-14 08:45:05.079root 11241100x80000000000000001746054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.079{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d9a0a933c51bb22022-02-14 08:45:05.079root 11241100x80000000000000001746055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.080{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a97e31917c342092022-02-14 08:45:05.080root 11241100x80000000000000001746056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.080{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75850680271337952022-02-14 08:45:05.080root 11241100x80000000000000001746057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.080{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4ca7614d8c7bb42022-02-14 08:45:05.080root 11241100x80000000000000001746058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.080{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c535ae5f06887c2b2022-02-14 08:45:05.080root 11241100x80000000000000001746059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.080{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac08dacf535c4ff2022-02-14 08:45:05.080root 11241100x80000000000000001746060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.080{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef544945e2fbf2542022-02-14 08:45:05.080root 11241100x80000000000000001746061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.080{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbea6e1779a8aa4c2022-02-14 08:45:05.080root 11241100x80000000000000001746062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.080{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7596ddc28693b0592022-02-14 08:45:05.080root 11241100x80000000000000001746063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.081{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d260067d001038a2022-02-14 08:45:05.081root 11241100x80000000000000001746064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.081{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50ee0d5e17f8d0d2022-02-14 08:45:05.081root 11241100x80000000000000001746065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.081{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e865b485d612e0832022-02-14 08:45:05.081root 11241100x80000000000000001746066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.081{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38ab3652ce85d3b2022-02-14 08:45:05.081root 11241100x80000000000000001746067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.082{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08702b77a92fa0e42022-02-14 08:45:05.082root 11241100x80000000000000001746068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.082{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9728c332bc65bc332022-02-14 08:45:05.082root 11241100x80000000000000001746069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.082{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd80ba61608f39e72022-02-14 08:45:05.082root 11241100x80000000000000001746070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.082{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db952180434bcf912022-02-14 08:45:05.082root 11241100x80000000000000001746071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.082{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48361c559e5650422022-02-14 08:45:05.082root 11241100x80000000000000001746072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.082{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad20fa87e4745bc82022-02-14 08:45:05.082root 11241100x80000000000000001746073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.082{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb981eb72f753972022-02-14 08:45:05.082root 11241100x80000000000000001746074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.083{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1ade188979209a2022-02-14 08:45:05.083root 11241100x80000000000000001746075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.083{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47065e82adcf69f2022-02-14 08:45:05.083root 11241100x80000000000000001746076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.083{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7454c140b6ba623b2022-02-14 08:45:05.083root 11241100x80000000000000001746077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.083{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89839f7e1ee08192022-02-14 08:45:05.083root 11241100x80000000000000001746078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.083{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff1016473f119b82022-02-14 08:45:05.083root 11241100x80000000000000001746079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.083{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883dbf618acdf5262022-02-14 08:45:05.083root 11241100x80000000000000001746080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.083{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d76d02c17e89fa22022-02-14 08:45:05.083root 11241100x80000000000000001746081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.083{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ab02424d6f13bd2022-02-14 08:45:05.083root 11241100x80000000000000001746082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.084{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5951309884692ee62022-02-14 08:45:05.084root 11241100x80000000000000001746083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.084{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485dcc8a7750021c2022-02-14 08:45:05.084root 11241100x80000000000000001746084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.084{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fa1947e9c4317b2022-02-14 08:45:05.084root 11241100x80000000000000001746085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.084{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745cd5812869016e2022-02-14 08:45:05.084root 11241100x80000000000000001746086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.084{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c9fd88adef17632022-02-14 08:45:05.084root 11241100x80000000000000001746087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.084{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14dea007bbd578f32022-02-14 08:45:05.084root 11241100x80000000000000001746088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.084{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1299974a5b783472022-02-14 08:45:05.084root 11241100x80000000000000001746089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.085{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d195b766a6a0c802022-02-14 08:45:05.085root 11241100x80000000000000001746090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.085{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84e30f3e61470562022-02-14 08:45:05.085root 11241100x80000000000000001746091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.085{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57729160c56e82ec2022-02-14 08:45:05.085root 11241100x80000000000000001746092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.085{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1259825071db5ad2022-02-14 08:45:05.085root 11241100x80000000000000001746093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.085{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524960cb50f497352022-02-14 08:45:05.085root 11241100x80000000000000001746094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.085{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174e0c3edc2a4a232022-02-14 08:45:05.085root 11241100x80000000000000001746095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.086{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eafb585be56d0a62022-02-14 08:45:05.086root 11241100x80000000000000001746096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.086{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0642076f2008ae652022-02-14 08:45:05.086root 11241100x80000000000000001746097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.086{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c6eb52796ef1042022-02-14 08:45:05.086root 11241100x80000000000000001746098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.086{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535b7365da68a69f2022-02-14 08:45:05.086root 11241100x80000000000000001746099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.086{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0957e2b4d3a3fee2022-02-14 08:45:05.086root 11241100x80000000000000001746100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.086{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697c63ab4b0305e12022-02-14 08:45:05.086root 11241100x80000000000000001746101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.086{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e0c2f744e6fd6b2022-02-14 08:45:05.086root 11241100x80000000000000001746102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.086{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0493741d5d2091d12022-02-14 08:45:05.086root 11241100x80000000000000001746103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.087{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb75e2bb9c09e0e72022-02-14 08:45:05.087root 11241100x80000000000000001746104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.087{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4941abdd1d5c57ca2022-02-14 08:45:05.087root 11241100x80000000000000001746105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.087{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3995461f2a9dcd882022-02-14 08:45:05.087root 11241100x80000000000000001746106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.087{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e03f9bc36694232022-02-14 08:45:05.087root 11241100x80000000000000001746107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.087{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4926af34ab93792022-02-14 08:45:05.087root 11241100x80000000000000001746108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.087{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601a2f87fe42a1622022-02-14 08:45:05.087root 11241100x80000000000000001746109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.088{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6721631f971842362022-02-14 08:45:05.088root 11241100x80000000000000001746110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.088{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5362c4fa8cad8e642022-02-14 08:45:05.088root 11241100x80000000000000001746111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.088{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b767ffb1dc2622d72022-02-14 08:45:05.088root 11241100x80000000000000001746112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.088{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b85a423a289784b2022-02-14 08:45:05.088root 11241100x80000000000000001746113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.088{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b5ef9bcbf88f4b2022-02-14 08:45:05.088root 11241100x80000000000000001746114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.089{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09940d701b406ecc2022-02-14 08:45:05.089root 11241100x80000000000000001746115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.089{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13af1a849de911e72022-02-14 08:45:05.089root 11241100x80000000000000001746116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.089{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8e3ca08b8db6782022-02-14 08:45:05.089root 11241100x80000000000000001746117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.089{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4458412887d61d242022-02-14 08:45:05.089root 11241100x80000000000000001746118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.089{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a65d9d79d35e33e2022-02-14 08:45:05.089root 11241100x80000000000000001746119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.089{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea112a987ddca982022-02-14 08:45:05.089root 11241100x80000000000000001746120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.089{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b907cb430f80e622022-02-14 08:45:05.089root 11241100x80000000000000001746121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.089{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e703b7605db48922022-02-14 08:45:05.089root 11241100x80000000000000001746122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.089{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf9dff54aedaf3f2022-02-14 08:45:05.089root 11241100x80000000000000001746123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.089{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c9390b893795c12022-02-14 08:45:05.089root 11241100x80000000000000001746124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.089{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd310acbec867642022-02-14 08:45:05.089root 11241100x80000000000000001746125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.090{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05550b91e9ac21f02022-02-14 08:45:05.090root 11241100x80000000000000001746126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.090{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996f72ab8760da3c2022-02-14 08:45:05.090root 11241100x80000000000000001746127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.090{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604486da3621ea262022-02-14 08:45:05.090root 11241100x80000000000000001746128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.090{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d872b34b36619f52022-02-14 08:45:05.090root 11241100x80000000000000001746129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.090{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fe3a55b10e48512022-02-14 08:45:05.090root 11241100x80000000000000001746130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.090{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8dfe4a0d14bbb12022-02-14 08:45:05.090root 11241100x80000000000000001746131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.090{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e4566dd6adb3b72022-02-14 08:45:05.090root 11241100x80000000000000001746132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.090{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982f0037668b77382022-02-14 08:45:05.090root 11241100x80000000000000001746133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.090{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd45f4d6d86b7c162022-02-14 08:45:05.090root 11241100x80000000000000001746134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.090{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3263e8e7a05c572022-02-14 08:45:05.090root 11241100x80000000000000001746135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.090{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafbd369b595734b2022-02-14 08:45:05.090root 11241100x80000000000000001746136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.091{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c23da7c5239b7322022-02-14 08:45:05.091root 11241100x80000000000000001746137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.091{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13a8cecf2673b4f2022-02-14 08:45:05.091root 11241100x80000000000000001746138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.091{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c62043c8c66e6e2022-02-14 08:45:05.091root 11241100x80000000000000001746139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.091{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f09ca046c68c812022-02-14 08:45:05.091root 11241100x80000000000000001746140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.091{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a99dd8b6d2fccce2022-02-14 08:45:05.091root 11241100x80000000000000001746141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.091{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f730dad2b6968b92022-02-14 08:45:05.091root 11241100x80000000000000001746142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.091{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63fe781e30038852022-02-14 08:45:05.091root 11241100x80000000000000001746143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.091{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db00d4a0415d80cd2022-02-14 08:45:05.091root 11241100x80000000000000001746144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.091{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdabcb3a5d4f0642022-02-14 08:45:05.091root 11241100x80000000000000001746145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.091{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2168484098fe622022-02-14 08:45:05.091root 11241100x80000000000000001746146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.091{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e719d5a9cb0c2e32022-02-14 08:45:05.091root 11241100x80000000000000001746147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.091{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22efc357cdba83282022-02-14 08:45:05.091root 11241100x80000000000000001746148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.092{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2732633021e2bcc2022-02-14 08:45:05.092root 11241100x80000000000000001746149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.092{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345bd9c01af7d69c2022-02-14 08:45:05.092root 11241100x80000000000000001746150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.092{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6ff096f2488fb32022-02-14 08:45:05.092root 11241100x80000000000000001746151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.092{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524f11763c2ba2a62022-02-14 08:45:05.092root 11241100x80000000000000001746152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.092{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddb8b46d15ec4012022-02-14 08:45:05.092root 11241100x80000000000000001746153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.092{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ebab145e3e39bf2022-02-14 08:45:05.092root 11241100x80000000000000001746154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.092{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ce43e004debb9f2022-02-14 08:45:05.092root 11241100x80000000000000001746155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.092{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab76fde5d87d40602022-02-14 08:45:05.092root 11241100x80000000000000001746156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.092{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26721cc8628ff68c2022-02-14 08:45:05.092root 11241100x80000000000000001746157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.092{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9315812022db77d2022-02-14 08:45:05.092root 534500x80000000000000001746158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.109{ec2ab09f-1690-620a-a036-7b0000000000}1930/usr/bin/python3.6root 534500x80000000000000001746159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.110{ec2ab09f-1690-620a-6832-31ad97550000}1923/bin/dashroot 154100x80000000000000001746160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.110{ec2ab09f-1691-620a-68b2-8172af550000}1935/bin/dash-----/bin/sh /etc/update-motd.d/50-motd-news/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 154100x80000000000000001746161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.111{ec2ab09f-1691-620a-d049-df85d1550000}1936/bin/cat-----cat /var/cache/motd-news/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-68b2-8172af550000}1935/bin/dash/bin/shroot 154100x80000000000000001746162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.111{ec2ab09f-1691-620a-7812-de6800560000}1937/usr/bin/head-----head -n 10/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-68b2-8172af550000}1935/bin/dash/bin/shroot 154100x80000000000000001746163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.111{ec2ab09f-1691-620a-b8d0-20af06560000}1939/usr/bin/cut-----cut -c -80/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-68b2-8172af550000}1935/bin/dash/bin/shroot 154100x80000000000000001746164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.111{ec2ab09f-1691-620a-e025-82b78a550000}1938/usr/bin/tr-----tr -d \000-\011\013\014\016-\037/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-68b2-8172af550000}1935/bin/dash/bin/shroot 534500x80000000000000001746165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.112{ec2ab09f-1691-620a-d049-df85d1550000}1936/bin/catroot 534500x80000000000000001746166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.113{ec2ab09f-1691-620a-7812-de6800560000}1937/usr/bin/headroot 534500x80000000000000001746167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.113{ec2ab09f-1691-620a-b8d0-20af06560000}1939/usr/bin/cutroot 534500x80000000000000001746168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.113{ec2ab09f-1691-620a-e025-82b78a550000}1938/usr/bin/trroot 534500x80000000000000001746169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.113{ec2ab09f-1691-620a-68b2-8172af550000}1935/bin/dashroot 154100x80000000000000001746170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.113{ec2ab09f-1691-620a-6842-d341bc550000}1940/bin/dash-----/bin/sh /etc/update-motd.d/88-esm-announce/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 534500x80000000000000001746171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.116{ec2ab09f-1691-620a-6842-d341bc550000}1940/bin/dashroot 154100x80000000000000001746172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.116{ec2ab09f-1691-620a-6812-380464550000}1941/bin/dash-----/bin/sh /etc/update-motd.d/90-updates-available/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 154100x80000000000000001746173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.119{ec2ab09f-1691-620a-d039-c59a2e560000}1942/bin/cat-----cat /var/lib/update-notifier/updates-available/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-6812-380464550000}1941/bin/dash/bin/shroot 534500x80000000000000001746174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.120{ec2ab09f-1691-620a-d039-c59a2e560000}1942/bin/catroot 534500x80000000000000001746175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.120{ec2ab09f-1691-620a-6812-380464550000}1941/bin/dashroot 154100x80000000000000001746176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.120{ec2ab09f-1691-620a-6862-0c7988550000}1943/bin/dash-----/bin/sh /etc/update-motd.d/91-contract-ua-esm-status/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 534500x80000000000000001746177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.122{ec2ab09f-1691-620a-6862-0c7988550000}1943/bin/dashroot 154100x80000000000000001746178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.122{ec2ab09f-1691-620a-6852-41fa14560000}1944/bin/dash-----/bin/sh /etc/update-motd.d/91-release-upgrade/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 154100x80000000000000001746179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.134{ec2ab09f-1691-620a-b8c0-519a2f560000}1947/usr/bin/cut-----cut -d -f4/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1945--- 154100x80000000000000001746180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.133{ec2ab09f-1691-620a-a036-7b0000000000}1946/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -sd/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1945--- 534500x80000000000000001746181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.212{ec2ab09f-1691-620a-a036-7b0000000000}1946/usr/bin/python3.6root 534500x80000000000000001746182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.213{ec2ab09f-1691-620a-b8c0-519a2f560000}1947/usr/bin/cutroot 534500x80000000000000001746183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.213{ec2ab09f-1690-620a-0000-000000000000}1945-root 154100x80000000000000001746184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.122{ec2ab09f-1691-620a-6892-b1789e550000}1944/bin/dash-----/bin/sh -e /usr/lib/ubuntu-release-upgrader/release-upgrade-motd/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 154100x80000000000000001746185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.218{ec2ab09f-1691-620a-08af-fd1314560000}1948/bin/date-----date +%s/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-6892-b1789e550000}1944/bin/dash/bin/shroot 534500x80000000000000001746186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.219{ec2ab09f-1691-620a-08af-fd1314560000}1948/bin/dateroot 154100x80000000000000001746187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.221{ec2ab09f-1691-620a-8884-eb74f2550000}1949/usr/bin/stat-----stat -c %Y /var/lib/ubuntu-release-upgrader/release-upgrade-available/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-6892-b1789e550000}1944/bin/dash/bin/shroot 534500x80000000000000001746188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.224{ec2ab09f-1691-620a-8884-eb74f2550000}1949/usr/bin/statroot 154100x80000000000000001746189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.224{ec2ab09f-1691-620a-98c5-82c0f2550000}1950/usr/bin/expr-----expr 1644580147 + 86400/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-6892-b1789e550000}1944/bin/dash/bin/shroot 534500x80000000000000001746190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.226{ec2ab09f-1691-620a-98c5-82c0f2550000}1950/usr/bin/exprroot 534500x80000000000000001746191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.226{ec2ab09f-1691-620a-6892-b1789e550000}1944/bin/dashroot 154100x80000000000000001746192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.226{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6-----/usr/bin/python3 /usr/lib/ubuntu-release-upgrader/check-new-release -q/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-0ff1-620a-5819-429342560000}1/lib/systemd/systemd/sbin/initroot 154100x80000000000000001746193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.226{ec2ab09f-1691-620a-6862-d3e2e3550000}1952/bin/dash-----/bin/sh /etc/update-motd.d/92-unattended-upgrades/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 154100x80000000000000001746194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.226{ec2ab09f-1691-620a-6862-905814560000}1952/bin/dash-----/bin/sh /usr/share/unattended-upgrades/update-motd-unattended-upgrades/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 534500x80000000000000001746195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.230{ec2ab09f-1691-620a-6862-905814560000}1952/bin/dashroot 154100x80000000000000001746196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.230{ec2ab09f-1691-620a-6862-21dd6c550000}1953/bin/dash-----/bin/sh /etc/update-motd.d/95-hwe-eol/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 154100x80000000000000001746197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.230{ec2ab09f-1691-620a-6882-aa8b89550000}1953/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-hwe-eol/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 154100x80000000000000001746198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.234{ec2ab09f-1691-620a-7344-e82acf550000}1954/usr/bin/apt-config-----apt-config shell StateDir Dir::State/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-6882-aa8b89550000}1953/bin/dash/bin/shroot 154100x80000000000000001746199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.240{ec2ab09f-1691-620a-70f1-47669f550000}1955/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-7344-e82acf550000}1954/usr/bin/apt-configapt-configroot 534500x80000000000000001746200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.243{ec2ab09f-1691-620a-70f1-47669f550000}1955/usr/bin/dpkgroot 534500x80000000000000001746201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.244{ec2ab09f-1691-620a-7344-e82acf550000}1954/usr/bin/apt-configroot 154100x80000000000000001746202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.244{ec2ab09f-1691-620a-73b4-7c377c550000}1956/usr/bin/apt-config-----apt-config shell ListDir Dir::State::Lists/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-6882-aa8b89550000}1953/bin/dash/bin/shroot 154100x80000000000000001746203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.251{ec2ab09f-1691-620a-7061-90e5b4550000}1957/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-73b4-7c377c550000}1956/usr/bin/apt-configapt-configroot 534500x80000000000000001746204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.254{ec2ab09f-1691-620a-7061-90e5b4550000}1957/usr/bin/dpkgroot 534500x80000000000000001746205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.255{ec2ab09f-1691-620a-73b4-7c377c550000}1956/usr/bin/apt-configroot 154100x80000000000000001746206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.255{ec2ab09f-1691-620a-73f4-5a8283550000}1958/usr/bin/apt-config-----apt-config shell DpkgStatus Dir::State::status/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-6882-aa8b89550000}1953/bin/dash/bin/shroot 11241100x80000000000000001746207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.257{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0085e730b704a4d2022-02-14 08:45:05.257root 11241100x80000000000000001746208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.258{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1617faef624675d2022-02-14 08:45:05.258root 11241100x80000000000000001746209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.258{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e23bebb677bbd292022-02-14 08:45:05.258root 11241100x80000000000000001746210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.259{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c3b2f5d4114def2022-02-14 08:45:05.259root 11241100x80000000000000001746211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.259{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f485a70714db3d542022-02-14 08:45:05.259root 11241100x80000000000000001746212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.259{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b95049c44f6e1c2022-02-14 08:45:05.259root 11241100x80000000000000001746213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.260{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe7d3582a3444fd2022-02-14 08:45:05.260root 11241100x80000000000000001746214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.260{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64edfbd7d4da6c5e2022-02-14 08:45:05.260root 11241100x80000000000000001746215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.261{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a9bc1ab35df8882022-02-14 08:45:05.261root 11241100x80000000000000001746216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.261{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455fb43d44b7e9ec2022-02-14 08:45:05.261root 11241100x80000000000000001746217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.262{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28f165bcd0c96672022-02-14 08:45:05.262root 11241100x80000000000000001746218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.262{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2139efa9a8838892022-02-14 08:45:05.262root 11241100x80000000000000001746219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.262{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969e4aa60da9566c2022-02-14 08:45:05.262root 11241100x80000000000000001746220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.262{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4eca760f5199d5b2022-02-14 08:45:05.262root 11241100x80000000000000001746221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.262{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c115ed08b67cd76c2022-02-14 08:45:05.262root 11241100x80000000000000001746222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.262{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5a0584b3d717132022-02-14 08:45:05.262root 11241100x80000000000000001746223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.263{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68132d6449356a602022-02-14 08:45:05.263root 11241100x80000000000000001746224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.263{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b826579f29e345022022-02-14 08:45:05.263root 11241100x80000000000000001746225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.263{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac6aa591b7021872022-02-14 08:45:05.263root 11241100x80000000000000001746226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.263{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d6c5a86fb8d0ea2022-02-14 08:45:05.263root 11241100x80000000000000001746227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.263{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6c195d94af823a2022-02-14 08:45:05.263root 11241100x80000000000000001746228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.263{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0945e0f251dd5b222022-02-14 08:45:05.263root 11241100x80000000000000001746229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.264{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd780bd0902328e2022-02-14 08:45:05.264root 11241100x80000000000000001746230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.264{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1165bac8387a34b12022-02-14 08:45:05.264root 11241100x80000000000000001746231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.264{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e639476ed36dc1e2022-02-14 08:45:05.264root 11241100x80000000000000001746232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.264{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa26fca324c59c5a2022-02-14 08:45:05.264root 154100x80000000000000001746233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.263{ec2ab09f-1691-620a-7021-a0a898550000}1959/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-73f4-5a8283550000}1958/usr/bin/apt-configapt-configroot 11241100x80000000000000001746234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.265{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af329acfefb4b5e02022-02-14 08:45:05.265root 11241100x80000000000000001746235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.265{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4b221abf6b904c2022-02-14 08:45:05.265root 11241100x80000000000000001746236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.265{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed16110453bc08e42022-02-14 08:45:05.265root 11241100x80000000000000001746237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.265{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd71e23a0a6b7102022-02-14 08:45:05.265root 11241100x80000000000000001746238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.265{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2e90992a36874d2022-02-14 08:45:05.265root 11241100x80000000000000001746239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.265{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5545c51e771f88842022-02-14 08:45:05.265root 11241100x80000000000000001746240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.265{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79b2a55f0453c5e2022-02-14 08:45:05.265root 11241100x80000000000000001746241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.265{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a2f058c330a86b2022-02-14 08:45:05.265root 11241100x80000000000000001746242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.266{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d334dd239dbc1e0e2022-02-14 08:45:05.266root 11241100x80000000000000001746243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.266{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3199915529d0602022-02-14 08:45:05.266root 11241100x80000000000000001746244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.266{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46dfb8bc2f736c392022-02-14 08:45:05.266root 11241100x80000000000000001746245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.266{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055ee0daf28ea56b2022-02-14 08:45:05.266root 11241100x80000000000000001746246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.266{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02032972e9debb022022-02-14 08:45:05.266root 534500x80000000000000001746247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.266{ec2ab09f-1691-620a-7021-a0a898550000}1959/usr/bin/dpkgroot 11241100x80000000000000001746248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.266{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8397c2486dccd0be2022-02-14 08:45:05.266root 11241100x80000000000000001746249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.268{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e262fb878276c9222022-02-14 08:45:05.268root 11241100x80000000000000001746250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.268{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c15d8ca33e17c82022-02-14 08:45:05.268root 11241100x80000000000000001746251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.268{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bfbeed9b9f6ce12022-02-14 08:45:05.268root 11241100x80000000000000001746252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.268{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f20f245d3d92cd2022-02-14 08:45:05.268root 11241100x80000000000000001746253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.268{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48a69b11add70432022-02-14 08:45:05.268root 11241100x80000000000000001746254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.268{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e415dd95741f8962022-02-14 08:45:05.268root 534500x80000000000000001746255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.268{ec2ab09f-1691-620a-73f4-5a8283550000}1958/usr/bin/apt-configroot 11241100x80000000000000001746256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.269{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b1c35e929e1e992022-02-14 08:45:05.269root 11241100x80000000000000001746257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.269{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdda5846e47975a2022-02-14 08:45:05.269root 11241100x80000000000000001746258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.269{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68078f6e57a6a5c2022-02-14 08:45:05.269root 11241100x80000000000000001746259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.269{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cb0cda336cf9472022-02-14 08:45:05.269root 11241100x80000000000000001746260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.269{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645c1f22fc87379d2022-02-14 08:45:05.269root 154100x80000000000000001746261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.269{ec2ab09f-1691-620a-7314-151913560000}1960/usr/bin/apt-config-----apt-config shell EtcDir Dir::Etc/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-6882-aa8b89550000}1953/bin/dash/bin/shroot 11241100x80000000000000001746262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.269{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e22820d0ad61092022-02-14 08:45:05.269root 11241100x80000000000000001746263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.269{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00e03f89effa2652022-02-14 08:45:05.269root 11241100x80000000000000001746264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.269{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b61bcbda8ef6a7c2022-02-14 08:45:05.269root 11241100x80000000000000001746265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.271{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac3580f99c8e9352022-02-14 08:45:05.271root 11241100x80000000000000001746266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.271{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd94e864451283b12022-02-14 08:45:05.271root 11241100x80000000000000001746267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.272{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17536e9c3cd7c2c22022-02-14 08:45:05.272root 11241100x80000000000000001746268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.273{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166e93ff205266ce2022-02-14 08:45:05.273root 11241100x80000000000000001746269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.273{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263c6a067f6076612022-02-14 08:45:05.273root 11241100x80000000000000001746270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.273{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef80d3a1c2803242022-02-14 08:45:05.273root 11241100x80000000000000001746271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.273{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9522aa27bf9946e2022-02-14 08:45:05.273root 11241100x80000000000000001746272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.273{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3036e74ccb7c9b8f2022-02-14 08:45:05.273root 11241100x80000000000000001746273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.273{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0afaff390aae3932022-02-14 08:45:05.273root 11241100x80000000000000001746274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.274{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c91c10dc8c29a12022-02-14 08:45:05.274root 11241100x80000000000000001746275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.274{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387aea1ba570bc452022-02-14 08:45:05.274root 11241100x80000000000000001746276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.274{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbcd0144894c2082022-02-14 08:45:05.274root 11241100x80000000000000001746277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.274{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5912dd4307cefefa2022-02-14 08:45:05.274root 11241100x80000000000000001746278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.274{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cbc386007365342022-02-14 08:45:05.274root 11241100x80000000000000001746279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.274{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdc5e980aab8cc22022-02-14 08:45:05.274root 11241100x80000000000000001746280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.274{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73be301e714089c2022-02-14 08:45:05.274root 11241100x80000000000000001746281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.275{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05a8e8def2cdaad2022-02-14 08:45:05.275root 11241100x80000000000000001746282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.275{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1708cc1bc3700402022-02-14 08:45:05.275root 11241100x80000000000000001746283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.275{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ef0834ba8a57d72022-02-14 08:45:05.275root 11241100x80000000000000001746284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.275{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ae38ae22418d562022-02-14 08:45:05.275root 11241100x80000000000000001746285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.275{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f97fe9a19fe5c022022-02-14 08:45:05.275root 11241100x80000000000000001746286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.275{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fde02ba855f24392022-02-14 08:45:05.275root 11241100x80000000000000001746287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.275{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad147c28c7bd3432022-02-14 08:45:05.275root 11241100x80000000000000001746288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.276{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b0efc3cfc9c4df2022-02-14 08:45:05.276root 11241100x80000000000000001746289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.276{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7fc36725018b9c2022-02-14 08:45:05.276root 11241100x80000000000000001746290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.277{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d3e6dd63f895732022-02-14 08:45:05.277root 11241100x80000000000000001746291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.277{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e75cc68491a5ca2022-02-14 08:45:05.277root 11241100x80000000000000001746292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.277{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d13c13c8ef6e6c32022-02-14 08:45:05.277root 11241100x80000000000000001746293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.277{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e50ec14a690e212022-02-14 08:45:05.277root 11241100x80000000000000001746294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.277{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d316932c53f04cfb2022-02-14 08:45:05.277root 11241100x80000000000000001746295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.277{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd22460e820d2042022-02-14 08:45:05.277root 11241100x80000000000000001746296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.278{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1769a76d28d1682022-02-14 08:45:05.278root 11241100x80000000000000001746297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.278{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5f441c828172572022-02-14 08:45:05.278root 11241100x80000000000000001746298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.278{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5710b77ab5191c92022-02-14 08:45:05.278root 11241100x80000000000000001746299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.278{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292e39074f60268e2022-02-14 08:45:05.278root 11241100x80000000000000001746300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.279{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebcdfe78b5712e42022-02-14 08:45:05.279root 11241100x80000000000000001746301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.279{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ee7ca4936f79eb2022-02-14 08:45:05.279root 11241100x80000000000000001746302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.279{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c4fa05ed374c742022-02-14 08:45:05.279root 11241100x80000000000000001746303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.279{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4573e763d66cdc162022-02-14 08:45:05.279root 11241100x80000000000000001746304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.280{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f67efeddf6be652022-02-14 08:45:05.280root 11241100x80000000000000001746305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.280{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df05470e8c46af142022-02-14 08:45:05.280root 11241100x80000000000000001746306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.280{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6127857a82add4cd2022-02-14 08:45:05.280root 11241100x80000000000000001746307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.280{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ceec7e327b78432022-02-14 08:45:05.280root 11241100x80000000000000001746308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.280{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faecc9d494b444122022-02-14 08:45:05.280root 11241100x80000000000000001746309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.280{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89a0eea5fa4ddc22022-02-14 08:45:05.280root 11241100x80000000000000001746310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.280{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2d6f22a2e24f872022-02-14 08:45:05.280root 11241100x80000000000000001746311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.281{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ea7e64414ca1872022-02-14 08:45:05.281root 11241100x80000000000000001746312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.281{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ab7dd91c74ff992022-02-14 08:45:05.281root 11241100x80000000000000001746313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.281{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2497368707b960242022-02-14 08:45:05.281root 11241100x80000000000000001746314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.281{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fff8bedf50e82652022-02-14 08:45:05.281root 11241100x80000000000000001746315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.281{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dd1d5e62400ac52022-02-14 08:45:05.281root 11241100x80000000000000001746316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.282{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3650f9870842fe9d2022-02-14 08:45:05.282root 11241100x80000000000000001746317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.282{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b1c0a8e4e38bde2022-02-14 08:45:05.282root 11241100x80000000000000001746318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.282{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075f861c492196292022-02-14 08:45:05.282root 11241100x80000000000000001746319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.282{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be92552701f93a3a2022-02-14 08:45:05.282root 11241100x80000000000000001746320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.282{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be490ed462ee50152022-02-14 08:45:05.282root 11241100x80000000000000001746321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.282{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef709390a81465a2022-02-14 08:45:05.282root 11241100x80000000000000001746322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.282{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d652dd9b07fb0e2022-02-14 08:45:05.282root 11241100x80000000000000001746323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.283{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e44d8b73f123fd92022-02-14 08:45:05.283root 11241100x80000000000000001746324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.283{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf32d18901e629572022-02-14 08:45:05.283root 11241100x80000000000000001746325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.283{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7966275def7677a62022-02-14 08:45:05.283root 11241100x80000000000000001746326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.283{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea4ecf6e8a306492022-02-14 08:45:05.283root 11241100x80000000000000001746327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.283{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbbf232a49b820d2022-02-14 08:45:05.283root 11241100x80000000000000001746328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.283{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414080a6cddfd7602022-02-14 08:45:05.283root 11241100x80000000000000001746329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.283{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d213ce1a9dd92de2022-02-14 08:45:05.283root 11241100x80000000000000001746330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.284{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8c1ef8a1de6bcc2022-02-14 08:45:05.284root 11241100x80000000000000001746331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.284{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0f288ccea2440c2022-02-14 08:45:05.284root 11241100x80000000000000001746332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.284{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b416a560453fd82022-02-14 08:45:05.284root 11241100x80000000000000001746333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.284{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a557ee7531f903782022-02-14 08:45:05.284root 11241100x80000000000000001746334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.284{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6de413df18e89582022-02-14 08:45:05.284root 11241100x80000000000000001746335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.284{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d759b71a9c712e4e2022-02-14 08:45:05.284root 154100x80000000000000001746336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.283{ec2ab09f-1691-620a-7001-a2f4d3550000}1961/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-7314-151913560000}1960/usr/bin/apt-configapt-configroot 11241100x80000000000000001746337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.285{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba12fc9e58e978d12022-02-14 08:45:05.285root 11241100x80000000000000001746338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.285{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c3c73b5cd764762022-02-14 08:45:05.285root 11241100x80000000000000001746339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.285{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35ca9a4ee56ab412022-02-14 08:45:05.285root 11241100x80000000000000001746340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.285{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cdf12cfd0d19d62022-02-14 08:45:05.285root 11241100x80000000000000001746341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.286{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9577ced4db22f0e2022-02-14 08:45:05.286root 11241100x80000000000000001746342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.286{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7341740da0efc52022-02-14 08:45:05.286root 11241100x80000000000000001746343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.286{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5169e2b8653246f2022-02-14 08:45:05.286root 11241100x80000000000000001746344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.286{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e7a266e1edb5522022-02-14 08:45:05.286root 11241100x80000000000000001746345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.287{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802acc9b28a2aec92022-02-14 08:45:05.287root 11241100x80000000000000001746346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.287{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb22372b645b29c12022-02-14 08:45:05.287root 11241100x80000000000000001746347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.287{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3d1e6e8841c7f32022-02-14 08:45:05.287root 11241100x80000000000000001746348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.287{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6ca41868b9aaf92022-02-14 08:45:05.287root 11241100x80000000000000001746349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.287{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74726819c7df2422022-02-14 08:45:05.287root 11241100x80000000000000001746350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.287{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5eb66c70bf675202022-02-14 08:45:05.287root 11241100x80000000000000001746351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.288{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621e3613a156a7152022-02-14 08:45:05.288root 11241100x80000000000000001746352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.288{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a16179d6e227242022-02-14 08:45:05.288root 11241100x80000000000000001746353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.288{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf9e1e6dba925e32022-02-14 08:45:05.288root 11241100x80000000000000001746354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.288{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c9d7b8d77b4a2e2022-02-14 08:45:05.288root 11241100x80000000000000001746355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.288{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacbc7eed6a6fd972022-02-14 08:45:05.288root 11241100x80000000000000001746356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.288{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7216d75c2444407f2022-02-14 08:45:05.288root 534500x80000000000000001746357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.288{ec2ab09f-1691-620a-7001-a2f4d3550000}1961/usr/bin/dpkgroot 11241100x80000000000000001746358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.289{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a8798b2b3024d82022-02-14 08:45:05.289root 11241100x80000000000000001746359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.289{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0208935082f67a422022-02-14 08:45:05.289root 11241100x80000000000000001746360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.289{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833dca15ed9b364b2022-02-14 08:45:05.289root 11241100x80000000000000001746361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.289{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f303b404d964d5d2022-02-14 08:45:05.289root 11241100x80000000000000001746362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.289{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9a631ac752c65b2022-02-14 08:45:05.289root 11241100x80000000000000001746363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.289{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb97b12a1aa61172022-02-14 08:45:05.289root 11241100x80000000000000001746364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.289{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0008322c501b492022-02-14 08:45:05.289root 11241100x80000000000000001746365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.289{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff5f810875c415f2022-02-14 08:45:05.289root 11241100x80000000000000001746366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.290{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5d8ba42bf198d42022-02-14 08:45:05.290root 11241100x80000000000000001746367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.290{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dbcc87ece8ff642022-02-14 08:45:05.290root 11241100x80000000000000001746368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.290{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f30adc4f4e531322022-02-14 08:45:05.290root 11241100x80000000000000001746369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.290{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe4f811ee507d322022-02-14 08:45:05.290root 11241100x80000000000000001746370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.290{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab8602b284dffb42022-02-14 08:45:05.290root 11241100x80000000000000001746371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.291{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bb9edc31bc8b692022-02-14 08:45:05.291root 11241100x80000000000000001746372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.291{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c36582ca71f9faa2022-02-14 08:45:05.291root 11241100x80000000000000001746373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.291{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf17b75b6d94bbc2022-02-14 08:45:05.291root 11241100x80000000000000001746374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.291{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a2c6ea8a3d0b3a2022-02-14 08:45:05.291root 11241100x80000000000000001746375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.291{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb1651430d203782022-02-14 08:45:05.291root 11241100x80000000000000001746376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.291{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53eb83361feae962022-02-14 08:45:05.291root 11241100x80000000000000001746377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.291{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35551f7567ba32152022-02-14 08:45:05.291root 11241100x80000000000000001746378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.291{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dff61ef0fe1c43b2022-02-14 08:45:05.291root 11241100x80000000000000001746379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.292{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82012a2e65e4e9df2022-02-14 08:45:05.292root 11241100x80000000000000001746380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.292{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb3bd82c103c3aa2022-02-14 08:45:05.292root 11241100x80000000000000001746381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.292{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811e55ab46fd3b272022-02-14 08:45:05.292root 11241100x80000000000000001746382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.292{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e2e2280f329c5c2022-02-14 08:45:05.292root 11241100x80000000000000001746383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.292{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa32f2a3a0a9c6282022-02-14 08:45:05.292root 11241100x80000000000000001746384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.292{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8d3ec522a72e762022-02-14 08:45:05.292root 11241100x80000000000000001746385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.293{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e154bbc8f7432162022-02-14 08:45:05.293root 11241100x80000000000000001746386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.293{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca6ded91b1391ba2022-02-14 08:45:05.293root 11241100x80000000000000001746387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.293{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f2da82223ff6e32022-02-14 08:45:05.293root 11241100x80000000000000001746388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.293{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7aa870121b84612022-02-14 08:45:05.293root 11241100x80000000000000001746389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.293{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e57d8ed92b3210f2022-02-14 08:45:05.293root 11241100x80000000000000001746390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.293{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f911b4b7371c522022-02-14 08:45:05.293root 11241100x80000000000000001746391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.293{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c78e3f407da9232022-02-14 08:45:05.293root 11241100x80000000000000001746392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.293{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76204d74337a448a2022-02-14 08:45:05.293root 11241100x80000000000000001746393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.294{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f910ece2d284f1df2022-02-14 08:45:05.294root 11241100x80000000000000001746394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.294{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62137296070bff132022-02-14 08:45:05.294root 11241100x80000000000000001746395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.294{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f0413aa103676e2022-02-14 08:45:05.294root 11241100x80000000000000001746396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.294{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45be952050f3d8842022-02-14 08:45:05.294root 11241100x80000000000000001746397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.294{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e14f6314809c3332022-02-14 08:45:05.294root 11241100x80000000000000001746398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.294{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cfbd6ab4a663f62022-02-14 08:45:05.294root 11241100x80000000000000001746399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.294{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4a2f0bffcb45d02022-02-14 08:45:05.294root 11241100x80000000000000001746400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.295{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76a1531f86f21972022-02-14 08:45:05.295root 11241100x80000000000000001746401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.295{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9047a9e53f6bcc2022-02-14 08:45:05.295root 11241100x80000000000000001746402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.295{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f4057a3aa1cfe02022-02-14 08:45:05.295root 11241100x80000000000000001746403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.295{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5344f1fed590b92022-02-14 08:45:05.295root 11241100x80000000000000001746404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.295{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adb3a8a6cd043d12022-02-14 08:45:05.295root 534500x80000000000000001746405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.292{ec2ab09f-1691-620a-7314-151913560000}1960/usr/bin/apt-configroot 154100x80000000000000001746406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.292{ec2ab09f-1691-620a-7374-bf7070550000}1962/usr/bin/apt-config-----apt-config shell SourceList Dir::Etc::sourcelist/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-6882-aa8b89550000}1953/bin/dash/bin/shroot 11241100x80000000000000001746407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.295{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8624ed573927f82022-02-14 08:45:05.295root 11241100x80000000000000001746408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.295{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ed338fd828f6722022-02-14 08:45:05.295root 11241100x80000000000000001746409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.295{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc797f7ea89cb182022-02-14 08:45:05.295root 11241100x80000000000000001746410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.295{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e24d172602a0932022-02-14 08:45:05.295root 11241100x80000000000000001746411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.296{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0168777d70f8642022-02-14 08:45:05.296root 11241100x80000000000000001746412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.296{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf2c79fc64bc33f2022-02-14 08:45:05.296root 11241100x80000000000000001746413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.296{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819e2a626bbc48bb2022-02-14 08:45:05.296root 11241100x80000000000000001746414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.296{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad529d5027f42932022-02-14 08:45:05.296root 11241100x80000000000000001746415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.296{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873d7ed527202e052022-02-14 08:45:05.296root 11241100x80000000000000001746416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.296{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d6937634e6c5ed2022-02-14 08:45:05.296root 11241100x80000000000000001746417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.296{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a624009f2dccbc2022-02-14 08:45:05.296root 11241100x80000000000000001746418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.296{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d206d203749d1b8b2022-02-14 08:45:05.296root 11241100x80000000000000001746419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.297{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63eee881817f33f72022-02-14 08:45:05.297root 11241100x80000000000000001746420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.297{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59fccd72d88ca752022-02-14 08:45:05.297root 11241100x80000000000000001746421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.297{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f8c1e187139d202022-02-14 08:45:05.297root 11241100x80000000000000001746422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.297{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6476d99f6562bdc2022-02-14 08:45:05.297root 11241100x80000000000000001746423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.297{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56ac0b1a547eeed2022-02-14 08:45:05.297root 11241100x80000000000000001746424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.297{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4502d9a08f29fee2022-02-14 08:45:05.297root 11241100x80000000000000001746425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.297{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8678c71e84bc2032022-02-14 08:45:05.297root 11241100x80000000000000001746426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.297{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d768a95b00eb41e2022-02-14 08:45:05.297root 11241100x80000000000000001746427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.298{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35eba0162f3088f92022-02-14 08:45:05.298root 11241100x80000000000000001746428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.298{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0123b04fdedebf352022-02-14 08:45:05.298root 11241100x80000000000000001746429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.298{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f310e01726e46da2022-02-14 08:45:05.298root 11241100x80000000000000001746430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.298{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf42563ec5e8f7642022-02-14 08:45:05.298root 11241100x80000000000000001746431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.298{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99cf657a8fc3e142022-02-14 08:45:05.298root 11241100x80000000000000001746432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.298{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c7c55b1ff519132022-02-14 08:45:05.298root 11241100x80000000000000001746433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.299{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4174ea37f05a09f52022-02-14 08:45:05.299root 11241100x80000000000000001746434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.299{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a569647eb22781e52022-02-14 08:45:05.299root 11241100x80000000000000001746435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.299{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5fd59ca82bf5b12022-02-14 08:45:05.299root 11241100x80000000000000001746436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.299{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e1793044f3ccf22022-02-14 08:45:05.299root 11241100x80000000000000001746437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.299{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f858d0f672e15c3d2022-02-14 08:45:05.299root 11241100x80000000000000001746438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.299{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b1796ddd2dca5b2022-02-14 08:45:05.299root 11241100x80000000000000001746439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.299{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b49ee68de443752022-02-14 08:45:05.299root 11241100x80000000000000001746440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.300{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecae0fa52710fd0c2022-02-14 08:45:05.300root 11241100x80000000000000001746441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.300{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96845c5115c7edad2022-02-14 08:45:05.300root 11241100x80000000000000001746442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.300{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb61fe19e1ac9e412022-02-14 08:45:05.300root 11241100x80000000000000001746443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.300{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36c1346d13285ef2022-02-14 08:45:05.300root 11241100x80000000000000001746444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.300{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7c9a296dce7c472022-02-14 08:45:05.300root 11241100x80000000000000001746445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.301{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c7ec6b2c62fb782022-02-14 08:45:05.301root 11241100x80000000000000001746446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.301{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd2f5235cac58552022-02-14 08:45:05.301root 11241100x80000000000000001746447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.301{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711964fad29dc4a82022-02-14 08:45:05.301root 11241100x80000000000000001746448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.302{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bda58b1c08b85492022-02-14 08:45:05.302root 11241100x80000000000000001746449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.302{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250d52f618e3583c2022-02-14 08:45:05.302root 11241100x80000000000000001746450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.302{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0574be917069a52022-02-14 08:45:05.302root 11241100x80000000000000001746451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.302{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5822229271e6d5252022-02-14 08:45:05.302root 11241100x80000000000000001746452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.303{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a364d83385f4f7d2022-02-14 08:45:05.303root 11241100x80000000000000001746453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.303{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ae7d45510413992022-02-14 08:45:05.303root 11241100x80000000000000001746454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.303{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4357b4cdc709c6762022-02-14 08:45:05.303root 11241100x80000000000000001746455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.303{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c130d3e75dadc52022-02-14 08:45:05.303root 11241100x80000000000000001746456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.304{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b620c1653f4050dc2022-02-14 08:45:05.304root 11241100x80000000000000001746457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.304{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e426ae24a7ca902022-02-14 08:45:05.304root 11241100x80000000000000001746458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.304{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f14148165c13dd2022-02-14 08:45:05.304root 11241100x80000000000000001746459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.305{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee5874b55409b752022-02-14 08:45:05.305root 154100x80000000000000001746460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.300{ec2ab09f-1691-620a-70a1-8807f6550000}1963/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-7374-bf7070550000}1962/usr/bin/apt-configapt-configroot 534500x80000000000000001746461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.305{ec2ab09f-1691-620a-70a1-8807f6550000}1963/usr/bin/dpkgroot 11241100x80000000000000001746462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.305{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28394e57539e7cfb2022-02-14 08:45:05.305root 11241100x80000000000000001746463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.305{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0810fbccbadc48792022-02-14 08:45:05.305root 11241100x80000000000000001746464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.305{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ddf00bd3ebf4ed2022-02-14 08:45:05.305root 11241100x80000000000000001746465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.305{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0258f9c73900e442022-02-14 08:45:05.305root 11241100x80000000000000001746466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.306{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5811d283ef1ba5f2022-02-14 08:45:05.306root 11241100x80000000000000001746467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.306{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cf1d74c7a871dd2022-02-14 08:45:05.306root 154100x80000000000000001746468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.306{ec2ab09f-1691-620a-90e0-dbd2d6550000}1964/usr/bin/find-----find /var/lib/apt/lists/ /etc/apt/sources.list //var/lib/dpkg/status -type f -newer /var/lib/update-notifier/hwe-eol -print -quit/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-6882-aa8b89550000}1953/bin/dash/bin/shroot 534500x80000000000000001746469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.306{ec2ab09f-1691-620a-7374-bf7070550000}1962/usr/bin/apt-configroot 11241100x80000000000000001746470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.306{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852ee6083503e0332022-02-14 08:45:05.306root 11241100x80000000000000001746471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.307{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db55fcce21517b82022-02-14 08:45:05.307root 11241100x80000000000000001746472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.307{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3276963f81ed6612022-02-14 08:45:05.307root 11241100x80000000000000001746473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.307{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1406bbf6725e64752022-02-14 08:45:05.307root 11241100x80000000000000001746474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.307{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235225dd1efd09bd2022-02-14 08:45:05.307root 534500x80000000000000001746475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.315{ec2ab09f-1691-620a-90e0-dbd2d6550000}1964/usr/bin/findroot 154100x80000000000000001746476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.315{ec2ab09f-1691-620a-e818-9ba284550000}1966/usr/bin/dirname-----dirname /var/lib/update-notifier/hwe-eol/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1965--- 534500x80000000000000001746477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.317{ec2ab09f-1691-620a-e818-9ba284550000}1966/usr/bin/dirnameroot 154100x80000000000000001746478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.315{ec2ab09f-1691-620a-a850-917e4b560000}1965/bin/mktemp-----mktemp -p /var/lib/update-notifier/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-6882-aa8b89550000}1953/bin/dash/bin/shroot 11241100x80000000000000001746479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.318{ec2ab09f-1691-620a-a850-917e4b560000}1965/bin/mktemp/var/lib/update-notifier/tmp.McGMeMx9qC2022-02-14 08:45:05.318root 534500x80000000000000001746480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.319{ec2ab09f-1691-620a-a850-917e4b560000}1965/bin/mktemproot 154100x80000000000000001746481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.319{ec2ab09f-1691-620a-d089-904bcc550000}1967/bin/cat-----cat /var/lib/update-notifier/hwe-eol/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-6882-aa8b89550000}1953/bin/dash/bin/shroot 534500x80000000000000001746482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.320{ec2ab09f-1691-620a-d089-904bcc550000}1967/bin/catroot 154100x80000000000000001746483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.320{ec2ab09f-1691-620a-70b3-e85161550000}1968/bin/rm-----rm -f /var/lib/update-notifier/tmp.McGMeMx9qC/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-6882-aa8b89550000}1953/bin/dash/bin/shroot 23542300x80000000000000001746484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.323{ec2ab09f-1691-620a-70b3-e85161550000}1968root/bin/rm/var/lib/update-notifier/tmp.McGMeMx9qC--- 534500x80000000000000001746485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.323{ec2ab09f-1691-620a-70b3-e85161550000}1968/bin/rmroot 534500x80000000000000001746486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.323{ec2ab09f-1691-620a-6882-aa8b89550000}1953/bin/dashroot 154100x80000000000000001746487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.324{ec2ab09f-1691-620a-6872-4af099550000}1969/bin/dash-----/bin/sh /etc/update-motd.d/97-overlayroot/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 154100x80000000000000001746488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.327{ec2ab09f-1691-620a-68d2-15b286550000}1971/bin/dash-----/bin/sh /bin/egrep overlayroot|/media/root-ro|/media/root-rw /proc/mounts/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1970--- 154100x80000000000000001746489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.327{ec2ab09f-1691-620a-506c-de61b9550000}1971/bin/grep-----grep -E overlayroot|/media/root-ro|/media/root-rw /proc/mounts/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1970--- 154100x80000000000000001746490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.327{ec2ab09f-1691-620a-18da-53ada9550000}1972/usr/bin/sort-----sort -r/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1970--- 534500x80000000000000001746491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.331{ec2ab09f-1691-620a-18da-53ada9550000}1972/usr/bin/sortroot 534500x80000000000000001746492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.331{ec2ab09f-1691-620a-506c-de61b9550000}1971/bin/greproot 534500x80000000000000001746493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.331{ec2ab09f-1690-620a-0000-000000000000}1970-root 534500x80000000000000001746494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.331{ec2ab09f-1691-620a-6872-4af099550000}1969/bin/dashroot 154100x80000000000000001746495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.332{ec2ab09f-1691-620a-6832-a6a9ef550000}1973/bin/dash-----/bin/sh /etc/update-motd.d/98-fsck-at-reboot/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 154100x80000000000000001746496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.332{ec2ab09f-1691-620a-68a2-3e477f550000}1973/bin/dash-----/bin/sh /usr/lib/update-notifier/update-motd-fsck-at-reboot/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 154100x80000000000000001746497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.334{ec2ab09f-1691-620a-88c4-e527ae550000}1974/usr/bin/stat-----stat -c %Y /var/lib/update-notifier/fsck-at-reboot/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-68a2-3e477f550000}1973/bin/dash/bin/shroot 534500x80000000000000001746498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.336{ec2ab09f-1691-620a-88c4-e527ae550000}1974/usr/bin/statroot 154100x80000000000000001746499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.336{ec2ab09f-1691-620a-f06c-a2696f550000}1976/usr/bin/gawk-----awk {print $1} /proc/uptime/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1975--- 534500x80000000000000001746500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.340{ec2ab09f-1691-620a-f06c-a2696f550000}1976/usr/bin/gawkroot 154100x80000000000000001746501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.336{ec2ab09f-1691-620a-082f-9a4f9b550000}1975/bin/date-----date -d now - 1696.27 seconds +%s/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-68a2-3e477f550000}1973/bin/dash/bin/shroot 534500x80000000000000001746502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.341{ec2ab09f-1691-620a-082f-9a4f9b550000}1975/bin/dateroot 154100x80000000000000001746503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.341{ec2ab09f-1691-620a-088f-b502a8550000}1977/bin/date-----date +%s/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-68a2-3e477f550000}1973/bin/dash/bin/shroot 534500x80000000000000001746504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.342{ec2ab09f-1691-620a-088f-b502a8550000}1977/bin/dateroot 154100x80000000000000001746505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.343{ec2ab09f-1691-620a-a842-373e6d550000}1979/bin/mount-----mount/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1978--- 154100x80000000000000001746506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.343{ec2ab09f-1691-620a-f06c-32be0e560000}1980/usr/bin/gawk-----awk $5 ~ /^ext(2|3|4)$/ { print $1 }/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1978--- 534500x80000000000000001746507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.345{ec2ab09f-1691-620a-a842-373e6d550000}1979/bin/mountroot 534500x80000000000000001746508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.346{ec2ab09f-1691-620a-f06c-32be0e560000}1980/usr/bin/gawkroot 534500x80000000000000001746509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.346{00000000-0000-0000-0000-000000000000}1978<unknown process>root 154100x80000000000000001746510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.347{ec2ab09f-1691-620a-685e-3692e8550000}1981/sbin/dumpe2fs-----dumpe2fs -h /dev/nvme0n1p1/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-68a2-3e477f550000}1973/bin/dash/bin/shroot 924900x80000000000000001746511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.351{ec2ab09f-1691-620a-685e-3692e8550000}1981/sbin/dumpe2fs/dev/nvme0n1p1root 534500x80000000000000001746512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.354{ec2ab09f-1691-620a-685e-3692e8550000}1981/sbin/dumpe2fsroot 534500x80000000000000001746513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.354{00000000-0000-0000-0000-000000000000}1983<unknown process>root 154100x80000000000000001746514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.354{ec2ab09f-1691-620a-50cc-fca358550000}1984/bin/grep-----grep ^Mount count:/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1982--- 154100x80000000000000001746515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.354{ec2ab09f-1691-620a-b8a0-c00609560000}1985/usr/bin/cut-----cut -d: -f 2-/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1982--- 534500x80000000000000001746516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.355{ec2ab09f-1691-620a-50cc-fca358550000}1984/bin/greproot 534500x80000000000000001746517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.355{ec2ab09f-1691-620a-b8a0-c00609560000}1985/usr/bin/cutroot 534500x80000000000000001746518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.356{00000000-0000-0000-0000-000000000000}1982<unknown process>root 154100x80000000000000001746519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.356{ec2ab09f-1691-620a-50dc-f8af3f560000}1988/bin/grep-----grep ^Maximum mount count:/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1986--- 534500x80000000000000001746520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.356{ec2ab09f-1691-620a-0000-000000000000}1987-root 534500x80000000000000001746521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.357{ec2ab09f-1691-620a-50dc-f8af3f560000}1988/bin/greproot 154100x80000000000000001746522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.357{ec2ab09f-1691-620a-b850-891b55560000}1989/usr/bin/cut-----cut -d: -f 2-/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1986--- 534500x80000000000000001746523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.358{ec2ab09f-1691-620a-b850-891b55560000}1989/usr/bin/cutroot 534500x80000000000000001746524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.358{00000000-0000-0000-0000-000000000000}1986<unknown process>root 534500x80000000000000001746525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.359{ec2ab09f-1691-620a-0000-000000000000}1991-root 154100x80000000000000001746526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.359{ec2ab09f-1691-620a-50fc-3d23ed550000}1992/bin/grep-----grep ^Check interval:/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1990--- 154100x80000000000000001746527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.359{ec2ab09f-1691-620a-b860-4f8184550000}1993/usr/bin/cut-----cut -d: -f 2-/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1990--- 154100x80000000000000001746528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.359{ec2ab09f-1691-620a-b810-6a548b550000}1994/usr/bin/cut-----cut -d( -f 1/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1990--- 534500x80000000000000001746529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.360{ec2ab09f-1691-620a-50fc-3d23ed550000}1992/bin/greproot 534500x80000000000000001746530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.361{ec2ab09f-1691-620a-b860-4f8184550000}1993/usr/bin/cutroot 534500x80000000000000001746531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.361{ec2ab09f-1691-620a-b810-6a548b550000}1994/usr/bin/cutroot 534500x80000000000000001746532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.363{00000000-0000-0000-0000-000000000000}1990<unknown process>root 534500x80000000000000001746533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.364{ec2ab09f-1691-620a-0000-000000000000}1996-root 154100x80000000000000001746534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.363{ec2ab09f-1691-620a-505c-7c98d2550000}1997/bin/grep-----grep ^Next check after:/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1995--- 154100x80000000000000001746535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.364{ec2ab09f-1691-620a-b800-76d03e560000}1998/usr/bin/cut-----cut -d: -f 2-/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{00000000-0000-0000-0000-000000000000}1995--- 534500x80000000000000001746536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.365{ec2ab09f-1691-620a-505c-7c98d2550000}1997/bin/greproot 534500x80000000000000001746537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.365{ec2ab09f-1691-620a-b800-76d03e560000}1998/usr/bin/cutroot 534500x80000000000000001746538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.365{00000000-0000-0000-0000-000000000000}1995<unknown process>root 154100x80000000000000001746539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.365{ec2ab09f-1691-620a-085f-f56f5e550000}1999/bin/date-----date -d +%s/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-68a2-3e477f550000}1973/bin/dash/bin/shroot 534500x80000000000000001746540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.366{ec2ab09f-1691-620a-085f-f56f5e550000}1999/bin/dateroot 154100x80000000000000001746541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.366{ec2ab09f-1691-620a-d099-8158c0550000}2000/bin/cat-----cat /var/lib/update-notifier/fsck-at-reboot/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-68a2-3e477f550000}1973/bin/dash/bin/shroot 534500x80000000000000001746542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.367{ec2ab09f-1691-620a-d099-8158c0550000}2000/bin/catroot 534500x80000000000000001746543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.367{ec2ab09f-1691-620a-68a2-3e477f550000}1973/bin/dashroot 154100x80000000000000001746544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.367{ec2ab09f-1691-620a-68b2-e309d6550000}2001/bin/dash-----/bin/sh /etc/update-motd.d/98-reboot-required/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 154100x80000000000000001746545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.367{ec2ab09f-1691-620a-68c2-7ffe6d550000}2001/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-reboot-required/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsrun-partsroot 534500x80000000000000001746546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.370{ec2ab09f-1691-620a-68c2-7ffe6d550000}2001/bin/dashroot 534500x80000000000000001746547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.370{ec2ab09f-1690-620a-38aa-ec4ba0550000}1917/bin/run-partsroot 534500x80000000000000001746548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.370{ec2ab09f-1690-620a-6822-2ac4e2550000}1916/bin/dashroot 154100x80000000000000001746549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.374{ec2ab09f-1691-620a-7091-ffb4b2550000}2003/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000001746550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.377{ec2ab09f-1691-620a-7091-ffb4b2550000}2003/usr/bin/dpkgroot 11241100x80000000000000001746551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.377{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.2lUhmp2022-02-14 08:45:05.377root 23542300x80000000000000001746552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.377{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.2lUhmp--- 11241100x80000000000000001746553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.382{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.7JmFjd2022-02-14 08:45:05.382root 23542300x80000000000000001746554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.382{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.7JmFjd--- 11241100x80000000000000001746555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.387{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.AabQh12022-02-14 08:45:05.387root 23542300x80000000000000001746556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.387{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.AabQh1--- 11241100x80000000000000001746557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.389{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.pdvhgP2022-02-14 08:45:05.389root 23542300x80000000000000001746558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.389{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.pdvhgP--- 11241100x80000000000000001746559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.390{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.y0u0eD2022-02-14 08:45:05.390root 23542300x80000000000000001746560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.390{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.y0u0eD--- 11241100x80000000000000001746561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.397{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.ZPkOer2022-02-14 08:45:05.397root 23542300x80000000000000001746562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.397{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.ZPkOer--- 11241100x80000000000000001746563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.399{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.SyyUef2022-02-14 08:45:05.399root 23542300x80000000000000001746564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.399{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.SyyUef--- 154100x80000000000000001746565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.401{ec2ab09f-1691-620a-0814-31b1c5550000}2004/bin/bash------bash/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2002--- 11241100x80000000000000001746566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.404{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.TDWYf32022-02-14 08:45:05.404root 23542300x80000000000000001746567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.404{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.TDWYf3--- 11241100x80000000000000001746568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.406{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.WshmhR2022-02-14 08:45:05.406root 23542300x80000000000000001746569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.406{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.WshmhR--- 11241100x80000000000000001746570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.408{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.pj8YiF2022-02-14 08:45:05.408root 23542300x80000000000000001746571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.408{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.pj8YiF--- 11241100x80000000000000001746572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.409{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.c1lRkt2022-02-14 08:45:05.409root 23542300x80000000000000001746573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.409{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.c1lRkt--- 11241100x80000000000000001746574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.410{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.N8GYmh2022-02-14 08:45:05.410root 23542300x80000000000000001746575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.410{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.N8GYmh--- 154100x80000000000000001746576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.410{ec2ab09f-1691-620a-88ce-fd7b19560000}2007/usr/bin/locale-check-----/usr/bin/locale-check C.UTF-8/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2006--- 11241100x80000000000000001746577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.412{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.aZLnp52022-02-14 08:45:05.412root 23542300x80000000000000001746578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.412{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.aZLnp5--- 534500x80000000000000001746579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.412{ec2ab09f-1691-620a-88ce-fd7b19560000}2007/usr/bin/locale-checkubuntu 534500x80000000000000001746580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.412{ec2ab09f-1691-620a-0000-000000000000}2006-ubuntu 11241100x80000000000000001746581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.414{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.tei5rT2022-02-14 08:45:05.414root 23542300x80000000000000001746582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.414{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.tei5rT--- 11241100x80000000000000001746583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.416{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.uz6cvH2022-02-14 08:45:05.416root 23542300x80000000000000001746584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.416{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.uz6cvH--- 11241100x80000000000000001746585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.418{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.zt6Byv2022-02-14 08:45:05.418root 23542300x80000000000000001746586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.418{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.zt6Byv--- 11241100x80000000000000001746587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.420{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.cMnnCj2022-02-14 08:45:05.420root 23542300x80000000000000001746588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.420{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.cMnnCj--- 154100x80000000000000001746589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.417{ec2ab09f-1691-620a-3050-013bc4550000}2008/usr/bin/locale-----locale/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{ec2ab09f-1691-620a-0814-31b1c5550000}2004/bin/bash-bashubuntu 154100x80000000000000001746590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.421{ec2ab09f-1691-620a-70f1-e8f6a2550000}2010/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000001746591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.422{ec2ab09f-1691-620a-3050-013bc4550000}2008/usr/bin/localeubuntu 534500x80000000000000001746592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.424{00000000-0000-0000-0000-000000000000}2009<unknown process>ubuntu 534500x80000000000000001746593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.424{ec2ab09f-1691-620a-70f1-e8f6a2550000}2010/usr/bin/dpkgroot 154100x80000000000000001746594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.464{ec2ab09f-1691-620a-6852-5c3da0550000}2012/bin/dash-----/bin/sh /usr/bin/lesspipe/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2011--- 154100x80000000000000001746595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.465{ec2ab09f-1691-620a-e8cb-5281c3550000}2013/usr/bin/basename-----basename /usr/bin/lesspipe/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{ec2ab09f-1691-620a-6852-5c3da0550000}2012/bin/dash/bin/shubuntu 534500x80000000000000001746596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.469{ec2ab09f-1691-620a-e8cb-5281c3550000}2013/usr/bin/basenameubuntu 154100x80000000000000001746597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.469{ec2ab09f-1691-620a-e808-39b406560000}2015/usr/bin/dirname-----dirname /usr/bin/lesspipe/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2014--- 534500x80000000000000001746598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.470{ec2ab09f-1691-620a-e808-39b406560000}2015/usr/bin/dirnameubuntu 534500x80000000000000001746599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.470{00000000-0000-0000-0000-000000000000}2014<unknown process>ubuntu 534500x80000000000000001746600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.471{ec2ab09f-1691-620a-6852-5c3da0550000}2012/bin/dashubuntu 534500x80000000000000001746601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.471{00000000-0000-0000-0000-000000000000}2011<unknown process>ubuntu 154100x80000000000000001746602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.473{ec2ab09f-1691-620a-4829-cf59e1550000}2017/usr/bin/dircolors-----dircolors -b/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2016--- 534500x80000000000000001746603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.477{ec2ab09f-1691-620a-4829-cf59e1550000}2017/usr/bin/dircolorsubuntu 534500x80000000000000001746604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.478{ec2ab09f-1691-620a-0000-000000000000}2016-ubuntu 11241100x80000000000000001746605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2011ac2a8eb5292022-02-14 08:45:05.802root 11241100x80000000000000001746606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae96d0da412040f32022-02-14 08:45:05.802root 11241100x80000000000000001746607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca40ce7c2f074972022-02-14 08:45:05.803root 11241100x80000000000000001746608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4446d629918bcdbb2022-02-14 08:45:05.803root 11241100x80000000000000001746609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66e68baf01023e42022-02-14 08:45:05.803root 11241100x80000000000000001746610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636c6d6cf9ee379e2022-02-14 08:45:05.803root 11241100x80000000000000001746611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.804{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8d0af86982eaf22022-02-14 08:45:05.804root 11241100x80000000000000001746612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.804{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad49422fa710b452022-02-14 08:45:05.804root 11241100x80000000000000001746613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.804{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aada41061fe0a792022-02-14 08:45:05.804root 11241100x80000000000000001746614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.804{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd331c14af89c8752022-02-14 08:45:05.804root 11241100x80000000000000001746615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.804{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f92206741d5f5f2022-02-14 08:45:05.804root 11241100x80000000000000001746616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.805{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e3b2d9e0074a482022-02-14 08:45:05.805root 11241100x80000000000000001746617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.805{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3340ee96ad9c1e2022-02-14 08:45:05.805root 11241100x80000000000000001746618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.805{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4feeb3d5cd3ff42022-02-14 08:45:05.805root 11241100x80000000000000001746619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.805{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db54605b844f1c2c2022-02-14 08:45:05.805root 11241100x80000000000000001746620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.806{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4120d67592b3c0f2022-02-14 08:45:05.806root 11241100x80000000000000001746621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.806{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ca026c6cf904072022-02-14 08:45:05.806root 11241100x80000000000000001746622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.806{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4723f5833d6ae8982022-02-14 08:45:05.806root 11241100x80000000000000001746623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.806{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab9d6c5252930972022-02-14 08:45:05.806root 11241100x80000000000000001746624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.807{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41fcbf1d13e44e32022-02-14 08:45:05.807root 11241100x80000000000000001746625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.807{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e698a82e97cc02b62022-02-14 08:45:05.807root 11241100x80000000000000001746626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.807{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234cf151b64b470c2022-02-14 08:45:05.807root 11241100x80000000000000001746627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.807{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b413efd5d3e31c2022-02-14 08:45:05.807root 11241100x80000000000000001746628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fdd60bc0e197712022-02-14 08:45:05.808root 11241100x80000000000000001746629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba5d444b24d7fa72022-02-14 08:45:05.808root 11241100x80000000000000001746630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f47814ab5e9223f2022-02-14 08:45:05.808root 11241100x80000000000000001746631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a121c133f5892a2022-02-14 08:45:05.808root 11241100x80000000000000001746632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6925be6266d10a2022-02-14 08:45:05.808root 11241100x80000000000000001746633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3c4b4d4c2f44162022-02-14 08:45:05.808root 11241100x80000000000000001746634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5701c91b63eb5ab32022-02-14 08:45:05.809root 11241100x80000000000000001746635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcce81008b9dce62022-02-14 08:45:05.809root 11241100x80000000000000001746636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2774cd6b9afa2de2022-02-14 08:45:05.809root 11241100x80000000000000001746637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d959444db1a7012022-02-14 08:45:05.809root 11241100x80000000000000001746638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4282fceca7084e062022-02-14 08:45:05.809root 11241100x80000000000000001746639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.810{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88970f70316e8f8a2022-02-14 08:45:05.810root 11241100x80000000000000001746640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.810{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e5d6bad85796ab2022-02-14 08:45:05.810root 11241100x80000000000000001746641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.810{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2da237588a9afc2022-02-14 08:45:05.810root 11241100x80000000000000001746642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.810{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bbabcde62ad5072022-02-14 08:45:05.810root 11241100x80000000000000001746643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.810{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb716b8a4f114f4a2022-02-14 08:45:05.810root 11241100x80000000000000001746644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce0ae6771384eb02022-02-14 08:45:05.811root 11241100x80000000000000001746645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e88139c1fc126b2022-02-14 08:45:05.811root 11241100x80000000000000001746646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d3bb8fc29d33b22022-02-14 08:45:05.811root 11241100x80000000000000001746647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29664bfef23570c2022-02-14 08:45:05.811root 11241100x80000000000000001746648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a8542413207fd92022-02-14 08:45:05.811root 11241100x80000000000000001746649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9589ae2b44b3b6d22022-02-14 08:45:05.812root 11241100x80000000000000001746650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4323ec97528f6e0f2022-02-14 08:45:05.812root 11241100x80000000000000001746651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1886225bfb77552022-02-14 08:45:05.812root 11241100x80000000000000001746652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fd871d9083d2212022-02-14 08:45:05.813root 11241100x80000000000000001746653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b3168f4ce20d172022-02-14 08:45:05.813root 11241100x80000000000000001746654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf13c498ff3c11d2022-02-14 08:45:05.813root 11241100x80000000000000001746655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e03beb737dba1312022-02-14 08:45:05.813root 11241100x80000000000000001746656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead5df88967ef1942022-02-14 08:45:05.813root 11241100x80000000000000001746657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19e74cd2af04f7e2022-02-14 08:45:05.814root 11241100x80000000000000001746658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf774aa5ed374782022-02-14 08:45:05.814root 11241100x80000000000000001746659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3e14a2186a5ff62022-02-14 08:45:05.814root 11241100x80000000000000001746660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543362873079b0e32022-02-14 08:45:05.814root 11241100x80000000000000001746661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570982953410766d2022-02-14 08:45:05.815root 11241100x80000000000000001746662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.814{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.XUpQK82022-02-14 08:45:05.814root 23542300x80000000000000001746663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.814{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.XUpQK8--- 11241100x80000000000000001746664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef8900313a9d12c2022-02-14 08:45:05.815root 11241100x80000000000000001746665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a467233fabcaad882022-02-14 08:45:05.815root 11241100x80000000000000001746666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36f6017f102fb012022-02-14 08:45:05.815root 11241100x80000000000000001746667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaef91b66e5610522022-02-14 08:45:05.816root 11241100x80000000000000001746668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14554bdb3dc6e1fa2022-02-14 08:45:05.816root 11241100x80000000000000001746669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2e53510c47d4592022-02-14 08:45:05.816root 11241100x80000000000000001746670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1539c9b8664cdf2022-02-14 08:45:05.816root 11241100x80000000000000001746671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b2d156387ba8482022-02-14 08:45:05.817root 11241100x80000000000000001746672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf3403cb92e08742022-02-14 08:45:05.817root 11241100x80000000000000001746673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cebf6dc9c0858c2022-02-14 08:45:05.817root 11241100x80000000000000001746674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f6ae46ae51ed0e2022-02-14 08:45:05.817root 11241100x80000000000000001746675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f3bb482aab354f2022-02-14 08:45:05.817root 11241100x80000000000000001746676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cf2f3bc5fc3c292022-02-14 08:45:05.818root 11241100x80000000000000001746677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5beb65de76a3442022-02-14 08:45:05.818root 11241100x80000000000000001746678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2d9369a07d5ff62022-02-14 08:45:05.818root 11241100x80000000000000001746679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a75b3d2a3eae2b2022-02-14 08:45:05.818root 11241100x80000000000000001746680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.819{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3755c32e73294a6c2022-02-14 08:45:05.819root 11241100x80000000000000001746681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.819{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b370c17a5855054b2022-02-14 08:45:05.819root 11241100x80000000000000001746682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.819{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.6s73TX2022-02-14 08:45:05.819root 23542300x80000000000000001746683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.819{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.6s73TX--- 11241100x80000000000000001746684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.819{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1c5f909e3007c62022-02-14 08:45:05.819root 11241100x80000000000000001746685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.819{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93704e41f8fc06862022-02-14 08:45:05.819root 11241100x80000000000000001746686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.819{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d16c470a7775e32022-02-14 08:45:05.819root 11241100x80000000000000001746687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.820{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0f870714985ece2022-02-14 08:45:05.820root 11241100x80000000000000001746688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.820{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5642630331683a202022-02-14 08:45:05.820root 11241100x80000000000000001746689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.820{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7e59aba74c12c42022-02-14 08:45:05.820root 11241100x80000000000000001746690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.820{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a305dbd48770582022-02-14 08:45:05.820root 11241100x80000000000000001746691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.821{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a6094fc86757ee2022-02-14 08:45:05.821root 11241100x80000000000000001746692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.821{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c334f53feb494db52022-02-14 08:45:05.821root 11241100x80000000000000001746693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.821{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8104d2ca8f756ac72022-02-14 08:45:05.821root 11241100x80000000000000001746694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.821{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc895d4fe82c2cc2022-02-14 08:45:05.821root 11241100x80000000000000001746695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.821{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21862ad723aba2862022-02-14 08:45:05.821root 11241100x80000000000000001746696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.822{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e269a4256ed9ad2022-02-14 08:45:05.822root 11241100x80000000000000001746697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.822{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347048e05ea7fcd62022-02-14 08:45:05.822root 11241100x80000000000000001746698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.822{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45047dca0aa9aa372022-02-14 08:45:05.822root 11241100x80000000000000001746699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.823{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048a6dbcd2c3aa042022-02-14 08:45:05.823root 11241100x80000000000000001746700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.823{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81173e61772830022022-02-14 08:45:05.823root 11241100x80000000000000001746701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.823{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e909ca1042d52e2022-02-14 08:45:05.823root 11241100x80000000000000001746702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.823{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00099a34a0b93dfe2022-02-14 08:45:05.823root 11241100x80000000000000001746703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.824{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a5569663e33a672022-02-14 08:45:05.824root 11241100x80000000000000001746704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.823{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.ZyzZ3M2022-02-14 08:45:05.823root 23542300x80000000000000001746705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.823{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.ZyzZ3M--- 11241100x80000000000000001746706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.824{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e7f2ffc96c3c2f2022-02-14 08:45:05.824root 11241100x80000000000000001746707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.824{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f57e34307a923fc2022-02-14 08:45:05.824root 11241100x80000000000000001746708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.824{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a138543a5550288e2022-02-14 08:45:05.824root 11241100x80000000000000001746709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.825{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea537a97ecc4b942022-02-14 08:45:05.825root 11241100x80000000000000001746710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.825{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bd015c8034e86b2022-02-14 08:45:05.825root 11241100x80000000000000001746711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.825{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.sohaeC2022-02-14 08:45:05.825root 23542300x80000000000000001746712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.825{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.sohaeC--- 11241100x80000000000000001746713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.826{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.birBor2022-02-14 08:45:05.826root 23542300x80000000000000001746714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.826{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.birBor--- 11241100x80000000000000001746715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.825{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77856201d7eb59792022-02-14 08:45:05.825root 11241100x80000000000000001746716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.825{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d708dbb50839ba872022-02-14 08:45:05.825root 11241100x80000000000000001746717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.826{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246e90377f053f5b2022-02-14 08:45:05.826root 11241100x80000000000000001746718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.826{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0aa5ebe7cf660ed2022-02-14 08:45:05.826root 11241100x80000000000000001746719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.826{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc775efbf3ddf892022-02-14 08:45:05.826root 11241100x80000000000000001746720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.827{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0eeb6421d6bae32022-02-14 08:45:05.827root 11241100x80000000000000001746721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.827{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545d9329769b34522022-02-14 08:45:05.827root 11241100x80000000000000001746722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.827{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bc507e50a0f02d2022-02-14 08:45:05.827root 11241100x80000000000000001746723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.827{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2db67abd94775d2022-02-14 08:45:05.827root 11241100x80000000000000001746724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.828{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5308e5a7dda76ff22022-02-14 08:45:05.828root 11241100x80000000000000001746725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.830{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.UJjLzg2022-02-14 08:45:05.830root 23542300x80000000000000001746726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.830{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.UJjLzg--- 11241100x80000000000000001746727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.828{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bb152d26c9d4552022-02-14 08:45:05.828root 11241100x80000000000000001746728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.828{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0a4a83d365d1e52022-02-14 08:45:05.828root 11241100x80000000000000001746729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.828{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3c631a0756d4b42022-02-14 08:45:05.828root 11241100x80000000000000001746730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.829{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ec9022ef87639e2022-02-14 08:45:05.829root 11241100x80000000000000001746731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.829{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2907a5e9aeded0962022-02-14 08:45:05.829root 11241100x80000000000000001746732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.829{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6326df347a40bbc2022-02-14 08:45:05.829root 11241100x80000000000000001746733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.829{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f9ba07cea6dbf52022-02-14 08:45:05.829root 11241100x80000000000000001746734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.829{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a616b982a1218932022-02-14 08:45:05.829root 11241100x80000000000000001746735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.830{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fea873cce810b52022-02-14 08:45:05.830root 11241100x80000000000000001746736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.830{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd6f7262a53140b2022-02-14 08:45:05.830root 11241100x80000000000000001746737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.831{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b643905f5ba2f642022-02-14 08:45:05.831root 11241100x80000000000000001746738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.831{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d955e49100bf3f2022-02-14 08:45:05.831root 11241100x80000000000000001746739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.831{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ea10df12ef5ec02022-02-14 08:45:05.831root 11241100x80000000000000001746740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.832{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.PpRaL52022-02-14 08:45:05.832root 23542300x80000000000000001746741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.832{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.PpRaL5--- 11241100x80000000000000001746742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.831{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f31aa839b2b52d2022-02-14 08:45:05.831root 11241100x80000000000000001746743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.832{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d75e6faff8ac1b12022-02-14 08:45:05.832root 11241100x80000000000000001746744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.832{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41a2d115fc57ab92022-02-14 08:45:05.832root 11241100x80000000000000001746745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.832{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598425f2562166882022-02-14 08:45:05.832root 11241100x80000000000000001746746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.832{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8606c552dcf375872022-02-14 08:45:05.832root 11241100x80000000000000001746747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.833{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e687fe9df4098f2022-02-14 08:45:05.833root 11241100x80000000000000001746748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.833{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7381b5ab6b212c82022-02-14 08:45:05.833root 11241100x80000000000000001746749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.833{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f38145883f50c5c2022-02-14 08:45:05.833root 11241100x80000000000000001746750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.834{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39e4bbaeaf497202022-02-14 08:45:05.834root 11241100x80000000000000001746751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.834{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d408c9b830a9f0e32022-02-14 08:45:05.834root 11241100x80000000000000001746752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.834{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150aa550a4630b1e2022-02-14 08:45:05.834root 11241100x80000000000000001746753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.834{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a49c2e1ed76bb22022-02-14 08:45:05.834root 11241100x80000000000000001746754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb22a3f1d5519f82022-02-14 08:45:05.835root 11241100x80000000000000001746755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f77801ee2873412022-02-14 08:45:05.835root 11241100x80000000000000001746756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1f3b91cf4e76932022-02-14 08:45:05.835root 11241100x80000000000000001746757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.836{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3c9fd1d7aeb2582022-02-14 08:45:05.836root 11241100x80000000000000001746758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.836{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c492603253edd32022-02-14 08:45:05.836root 11241100x80000000000000001746759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.836{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.ueliXU2022-02-14 08:45:05.836root 23542300x80000000000000001746760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.836{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.ueliXU--- 11241100x80000000000000001746761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.838{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.fjlG9J2022-02-14 08:45:05.838root 23542300x80000000000000001746762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.838{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.fjlG9J--- 11241100x80000000000000001746763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.836{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84217125309d417a2022-02-14 08:45:05.836root 11241100x80000000000000001746764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.836{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241025562b55be562022-02-14 08:45:05.836root 11241100x80000000000000001746765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.836{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac75ce28b2780a6b2022-02-14 08:45:05.836root 11241100x80000000000000001746766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.837{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8f902b566215222022-02-14 08:45:05.837root 11241100x80000000000000001746767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.837{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dba385a3f8d99a42022-02-14 08:45:05.837root 11241100x80000000000000001746768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.837{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b6e522d493d0dd2022-02-14 08:45:05.837root 11241100x80000000000000001746769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.838{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1be5695556d78d2022-02-14 08:45:05.838root 11241100x80000000000000001746770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.838{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566a504d644a513d2022-02-14 08:45:05.838root 11241100x80000000000000001746771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.838{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8c310ffc74f9e52022-02-14 08:45:05.838root 11241100x80000000000000001746772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.839{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68a3fa4737d49982022-02-14 08:45:05.839root 11241100x80000000000000001746773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.839{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.Wachmz2022-02-14 08:45:05.839root 23542300x80000000000000001746774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.839{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.Wachmz--- 11241100x80000000000000001746775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.839{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3204e37ceadd8e32022-02-14 08:45:05.839root 11241100x80000000000000001746776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.839{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50ead4386e1dadd2022-02-14 08:45:05.839root 11241100x80000000000000001746777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.839{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ddc603b81f2b712022-02-14 08:45:05.839root 11241100x80000000000000001746778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5986dae5570298ce2022-02-14 08:45:05.840root 11241100x80000000000000001746779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3a413da1c3dc0a2022-02-14 08:45:05.840root 11241100x80000000000000001746780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c02175eae1cbbe2022-02-14 08:45:05.840root 11241100x80000000000000001746781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.840{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.NRJ4yo2022-02-14 08:45:05.840root 23542300x80000000000000001746782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.840{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.NRJ4yo--- 11241100x80000000000000001746783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ffd2acd6c2a7952022-02-14 08:45:05.840root 11241100x80000000000000001746784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb762bab51b966f82022-02-14 08:45:05.840root 11241100x80000000000000001746785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.841{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2409d3282f1b69272022-02-14 08:45:05.841root 11241100x80000000000000001746786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.841{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b24bff1cb4798652022-02-14 08:45:05.841root 11241100x80000000000000001746787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.841{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b658cf60342fbf172022-02-14 08:45:05.841root 11241100x80000000000000001746788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.842{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.0qZ7Ld2022-02-14 08:45:05.842root 23542300x80000000000000001746789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.842{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.0qZ7Ld--- 11241100x80000000000000001746790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.842{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7d7babaea94b5d2022-02-14 08:45:05.842root 11241100x80000000000000001746791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.842{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ba152d5caf425c2022-02-14 08:45:05.842root 11241100x80000000000000001746792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.842{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c9b43b8d89d1b92022-02-14 08:45:05.842root 11241100x80000000000000001746793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.843{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964498345ad324642022-02-14 08:45:05.843root 11241100x80000000000000001746794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.843{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1da74fe27a16d152022-02-14 08:45:05.843root 11241100x80000000000000001746795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.843{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.VV9oZ22022-02-14 08:45:05.843root 23542300x80000000000000001746796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.843{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.VV9oZ2--- 11241100x80000000000000001746797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.843{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8074daac418dd44b2022-02-14 08:45:05.843root 11241100x80000000000000001746798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.843{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554763c2a138f8732022-02-14 08:45:05.843root 11241100x80000000000000001746799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.844{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b3246a6fad4a5a2022-02-14 08:45:05.844root 11241100x80000000000000001746800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.844{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a12a4805154f60b2022-02-14 08:45:05.844root 11241100x80000000000000001746801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.844{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda36545974d5ec42022-02-14 08:45:05.844root 11241100x80000000000000001746802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.844{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.8WqVcS2022-02-14 08:45:05.844root 23542300x80000000000000001746803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.844{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.8WqVcS--- 11241100x80000000000000001746804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.844{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d0de001e27b28f2022-02-14 08:45:05.844root 11241100x80000000000000001746805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.845{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec013d330d813362022-02-14 08:45:05.845root 11241100x80000000000000001746806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.845{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ba705ca831fcff2022-02-14 08:45:05.845root 11241100x80000000000000001746807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.845{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5551289fce5fc6452022-02-14 08:45:05.845root 11241100x80000000000000001746808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.845{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1e5bf21c077b512022-02-14 08:45:05.845root 11241100x80000000000000001746809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.846{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d981e7e8e3b4eb2c2022-02-14 08:45:05.846root 11241100x80000000000000001746810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.846{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d73defa3adfaf12022-02-14 08:45:05.846root 11241100x80000000000000001746811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.846{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.LEhIqH2022-02-14 08:45:05.846root 23542300x80000000000000001746812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.846{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.LEhIqH--- 11241100x80000000000000001746813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.846{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ffa4fa221927db2022-02-14 08:45:05.846root 11241100x80000000000000001746814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.846{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fd0d63d00563d32022-02-14 08:45:05.846root 11241100x80000000000000001746815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.847{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c443155f465a7b522022-02-14 08:45:05.847root 11241100x80000000000000001746816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.847{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b612abfc905f465a2022-02-14 08:45:05.847root 11241100x80000000000000001746817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.847{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4b8134346ba1442022-02-14 08:45:05.847root 11241100x80000000000000001746818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.847{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b25b0ff51905ff2022-02-14 08:45:05.847root 11241100x80000000000000001746819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.847{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3969d3010d139842022-02-14 08:45:05.847root 11241100x80000000000000001746820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.847{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abddc83468067de22022-02-14 08:45:05.847root 11241100x80000000000000001746821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.847{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.6j5JEw2022-02-14 08:45:05.847root 23542300x80000000000000001746822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.847{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.6j5JEw--- 11241100x80000000000000001746823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.847{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab794d17c9671322022-02-14 08:45:05.847root 11241100x80000000000000001746824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.848{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b42a8ef601e3262022-02-14 08:45:05.848root 11241100x80000000000000001746825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.848{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36480c748778903d2022-02-14 08:45:05.848root 11241100x80000000000000001746826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.848{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39e011cabccac362022-02-14 08:45:05.848root 11241100x80000000000000001746827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.848{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d65e006d7044922022-02-14 08:45:05.848root 11241100x80000000000000001746828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.848{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3760c47e3d18f4d72022-02-14 08:45:05.848root 11241100x80000000000000001746829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.848{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d50a4cc5c718d8e2022-02-14 08:45:05.848root 11241100x80000000000000001746830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.849{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/tmp/fileutl.message.1xH4Sl2022-02-14 08:45:05.849root 23542300x80000000000000001746831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.849{ec2ab09f-1691-620a-a036-7b0000000000}1951root/usr/bin/python3.6/tmp/fileutl.message.1xH4Sl--- 154100x80000000000000001746832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.852{ec2ab09f-1691-620a-a036-7b0000000000}2018/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -c -s/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000001746833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.907{ec2ab09f-1691-620a-a036-7b0000000000}2018/usr/bin/python3.6root 154100x80000000000000001746834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.914{ec2ab09f-1691-620a-a036-7b0000000000}2019/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -c -s/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000001746835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.992{ec2ab09f-1691-620a-a036-7b0000000000}2019/usr/bin/python3.6root 154100x80000000000000001746836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:05.995{ec2ab09f-1691-620a-a036-7b0000000000}2020/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -c -s/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000001746837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.090{ec2ab09f-1691-620a-a036-7b0000000000}2020/usr/bin/python3.6root 154100x80000000000000001746838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.093{ec2ab09f-1692-620a-a036-7b0000000000}2021/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -r -s/root{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000001746839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.133{ec2ab09f-1692-620a-a036-7b0000000000}2021/usr/bin/python3.6root 354300x80000000000000001746840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.147{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6rootudptruefalse127.0.0.1-53039-false127.0.0.53-53- 354300x80000000000000001746841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.147{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-42437-false10.0.0.2-53- 354300x80000000000000001746842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.147{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-49743-false10.0.0.2-53- 354300x80000000000000001746843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.149{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-53039- 354300x80000000000000001746844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.149{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6rootudpfalsefalse127.0.0.53-53-false127.0.0.1-53039- 11241100x80000000000000001746845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.164{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489/lib/systemd/systemd-udevd/run/udev/queue2022-02-14 08:45:06.164root 23542300x80000000000000001746846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.168{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000001746847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.169{ec2ab09f-1691-620a-0000-000000000000}2024-root 534500x80000000000000001746848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.169{00000000-0000-0000-0000-000000000000}2023<unknown process>root 354300x80000000000000001746849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.179{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6roottcptruefalse10.0.1.20-59830-false185.125.190.18-443- 534500x80000000000000001746850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.218{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6root 534500x80000000000000001746851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.232{ec2ab09f-1691-620a-a036-7b0000000000}1951/usr/bin/python3.6root 11241100x80000000000000001746852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.546{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3205deb1d932242022-02-14 08:45:06.546root 11241100x80000000000000001746853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.547{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec39d86d823ce5fe2022-02-14 08:45:06.547root 11241100x80000000000000001746854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.547{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f2c7d1a14dfd332022-02-14 08:45:06.547root 11241100x80000000000000001746855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.547{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44481007a30aade2022-02-14 08:45:06.547root 11241100x80000000000000001746856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.547{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f088038e74c2840a2022-02-14 08:45:06.547root 11241100x80000000000000001746857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.547{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a5d5145dc107252022-02-14 08:45:06.547root 11241100x80000000000000001746858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.547{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0657aa3a21912c622022-02-14 08:45:06.547root 11241100x80000000000000001746859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.547{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0569eb261d50edec2022-02-14 08:45:06.547root 11241100x80000000000000001746860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.547{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede9a47b7bcf77f92022-02-14 08:45:06.547root 11241100x80000000000000001746861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.547{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c186e004ea1c8c2022-02-14 08:45:06.547root 11241100x80000000000000001746862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.547{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84b1eddec3e04ec2022-02-14 08:45:06.547root 11241100x80000000000000001746863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.547{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4546332e60ec672022-02-14 08:45:06.547root 11241100x80000000000000001746864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.548{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d46662a4d5f82a2022-02-14 08:45:06.548root 11241100x80000000000000001746865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.548{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c91f8d95c9545c2022-02-14 08:45:06.548root 11241100x80000000000000001746866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.548{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3032dfb5861706d22022-02-14 08:45:06.548root 11241100x80000000000000001746867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.548{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba639750bada7c92022-02-14 08:45:06.548root 11241100x80000000000000001746868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.548{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09714c1ac83295652022-02-14 08:45:06.548root 11241100x80000000000000001746869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.548{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024df969946a028e2022-02-14 08:45:06.548root 11241100x80000000000000001746870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.548{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39eab2f5ee85f70a2022-02-14 08:45:06.548root 11241100x80000000000000001746871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.548{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce1d483cb76588e2022-02-14 08:45:06.548root 11241100x80000000000000001746872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.548{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9eb6fe4a54cc1b22022-02-14 08:45:06.548root 11241100x80000000000000001746873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.548{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fbcf73c0c8b56c2022-02-14 08:45:06.548root 11241100x80000000000000001746874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.548{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03443fa187b707b12022-02-14 08:45:06.548root 11241100x80000000000000001746875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.549{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60cd4cd0b09decd2022-02-14 08:45:06.549root 11241100x80000000000000001746876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.549{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0076e5acaf37f9d72022-02-14 08:45:06.549root 11241100x80000000000000001746877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.549{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f888201fabc3aac2022-02-14 08:45:06.549root 11241100x80000000000000001746878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.549{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbe32395d063a072022-02-14 08:45:06.549root 11241100x80000000000000001746879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.549{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bb1211a7bcab5e2022-02-14 08:45:06.549root 11241100x80000000000000001746880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.549{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2974e4e943d9fa92022-02-14 08:45:06.549root 11241100x80000000000000001746881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.549{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d228110b6c0ac92022-02-14 08:45:06.549root 11241100x80000000000000001746882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.549{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5869c3045fceae4d2022-02-14 08:45:06.549root 11241100x80000000000000001746883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.549{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3a4f246851f1212022-02-14 08:45:06.549root 11241100x80000000000000001746884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.550{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8154d8b012f2e5d72022-02-14 08:45:06.550root 11241100x80000000000000001746885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.550{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2b32c0fb98d5d62022-02-14 08:45:06.550root 11241100x80000000000000001746886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.550{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31101c49822f4fc32022-02-14 08:45:06.550root 11241100x80000000000000001746887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.550{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218186690869196a2022-02-14 08:45:06.550root 11241100x80000000000000001746888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.550{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446411d4fbb476e62022-02-14 08:45:06.550root 11241100x80000000000000001746889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.550{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67bd63c0045b03e2022-02-14 08:45:06.550root 11241100x80000000000000001746890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.550{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d366a823f5282f942022-02-14 08:45:06.550root 11241100x80000000000000001746891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.550{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2d2a5c3c47c84f2022-02-14 08:45:06.550root 11241100x80000000000000001746892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.551{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfcc167514eb1dc2022-02-14 08:45:06.551root 11241100x80000000000000001746893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.551{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab3b1be5ef0bf652022-02-14 08:45:06.551root 11241100x80000000000000001746894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.551{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525f4883622a50a02022-02-14 08:45:06.551root 11241100x80000000000000001746895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.551{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171c39d4c88b11f22022-02-14 08:45:06.551root 11241100x80000000000000001746896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.551{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d636ff300f4b432022-02-14 08:45:06.551root 11241100x80000000000000001746897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.551{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115273c48cb7ed9e2022-02-14 08:45:06.551root 11241100x80000000000000001746898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.551{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9140ef17b4427c5b2022-02-14 08:45:06.551root 11241100x80000000000000001746899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.551{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212be03c935d420b2022-02-14 08:45:06.551root 11241100x80000000000000001746900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.552{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c460f8524a808ce2022-02-14 08:45:06.552root 11241100x80000000000000001746901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.552{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344a992a74d98bdd2022-02-14 08:45:06.552root 11241100x80000000000000001746902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.552{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c740e5e15afdaace2022-02-14 08:45:06.552root 11241100x80000000000000001746903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.552{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56955d61dd94e4b82022-02-14 08:45:06.552root 11241100x80000000000000001746904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.552{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69499801a12fdbef2022-02-14 08:45:06.552root 11241100x80000000000000001746905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.552{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1d18a9f7e450062022-02-14 08:45:06.552root 11241100x80000000000000001746906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.552{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049b4a089bc818dd2022-02-14 08:45:06.552root 11241100x80000000000000001746907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.552{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44b7268be1042d82022-02-14 08:45:06.552root 11241100x80000000000000001746908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.553{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd8a8b0841c90a32022-02-14 08:45:06.553root 11241100x80000000000000001746909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.553{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec4e491d6be87352022-02-14 08:45:06.553root 11241100x80000000000000001746910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.553{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495d0d91fbb4042c2022-02-14 08:45:06.553root 11241100x80000000000000001746911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.554{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4010728f18a6dbb32022-02-14 08:45:06.554root 11241100x80000000000000001746912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.554{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0a9c5dd41437352022-02-14 08:45:06.554root 11241100x80000000000000001746913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.554{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad93c2b05445e152022-02-14 08:45:06.554root 11241100x80000000000000001746914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.554{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0530cf8ed8dea12022-02-14 08:45:06.554root 11241100x80000000000000001746915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.555{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2478b3e04a66cd22022-02-14 08:45:06.555root 11241100x80000000000000001746916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.555{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4540777c42a9371c2022-02-14 08:45:06.555root 11241100x80000000000000001746917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.555{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1e51639faace8f2022-02-14 08:45:06.555root 11241100x80000000000000001746918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.556{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37abccb98808e21d2022-02-14 08:45:06.556root 11241100x80000000000000001746919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.556{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8def73e46dc0d1b62022-02-14 08:45:06.556root 11241100x80000000000000001746920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.556{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6e804785c90b562022-02-14 08:45:06.556root 11241100x80000000000000001746921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.556{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8332803500903932022-02-14 08:45:06.556root 11241100x80000000000000001746922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.556{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df298f18781d676d2022-02-14 08:45:06.556root 11241100x80000000000000001746923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.557{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313938d4828bdfa52022-02-14 08:45:06.557root 11241100x80000000000000001746924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.557{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e365286085f75e822022-02-14 08:45:06.557root 11241100x80000000000000001746925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.557{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a2ead73a8526ab2022-02-14 08:45:06.557root 11241100x80000000000000001746926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.557{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60b1ec8f7e314092022-02-14 08:45:06.557root 11241100x80000000000000001746927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.558{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83685cb0096d3392022-02-14 08:45:06.558root 11241100x80000000000000001746928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.558{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627cd8a1c7b338d92022-02-14 08:45:06.558root 11241100x80000000000000001746929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.558{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bad0ae344e74b62022-02-14 08:45:06.558root 11241100x80000000000000001746930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.559{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3b65a21b1f08ad2022-02-14 08:45:06.559root 11241100x80000000000000001746931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.559{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbbd5b5ffcbd8b42022-02-14 08:45:06.559root 11241100x80000000000000001746932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.559{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809cd8e2baf919b82022-02-14 08:45:06.559root 11241100x80000000000000001746933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.559{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49209495250df042022-02-14 08:45:06.559root 11241100x80000000000000001746934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.559{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbac21c6fc48be62022-02-14 08:45:06.559root 11241100x80000000000000001746935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.559{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d8006d654391d62022-02-14 08:45:06.559root 11241100x80000000000000001746936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.559{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe1d1dfa80dcabd2022-02-14 08:45:06.559root 11241100x80000000000000001746937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.559{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005a176536e1a19b2022-02-14 08:45:06.559root 11241100x80000000000000001746938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.559{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f8dddd63277ecd2022-02-14 08:45:06.559root 11241100x80000000000000001746939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.559{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55c0af33f6056ba2022-02-14 08:45:06.559root 11241100x80000000000000001746940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.559{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3346efac1b213f22022-02-14 08:45:06.559root 11241100x80000000000000001746941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.560{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf34f43398e8af0b2022-02-14 08:45:06.560root 11241100x80000000000000001746942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.560{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7dc28e9ab78f382022-02-14 08:45:06.560root 11241100x80000000000000001746943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.560{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e145cdb32c556fb2022-02-14 08:45:06.560root 11241100x80000000000000001746944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.560{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8780c8b565575b82022-02-14 08:45:06.560root 11241100x80000000000000001746945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.560{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650b5805e7743b422022-02-14 08:45:06.560root 11241100x80000000000000001746946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.560{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cd8b582aa7b3472022-02-14 08:45:06.560root 11241100x80000000000000001746947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.560{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0213639291623eaa2022-02-14 08:45:06.560root 11241100x80000000000000001746948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.560{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882f91a43ba70ad92022-02-14 08:45:06.560root 11241100x80000000000000001746949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.560{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7411374e30d6b0ed2022-02-14 08:45:06.560root 11241100x80000000000000001746950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.560{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41e9b2405f9ac602022-02-14 08:45:06.560root 11241100x80000000000000001746951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.560{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019f92c7446465042022-02-14 08:45:06.560root 11241100x80000000000000001746952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.560{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3b743bc8ce30da2022-02-14 08:45:06.560root 11241100x80000000000000001746953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.560{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2305b8f030a799dd2022-02-14 08:45:06.560root 11241100x80000000000000001746954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.561{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a9581cab2aed962022-02-14 08:45:06.561root 11241100x80000000000000001746955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.561{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa2dd8209cbf4cb2022-02-14 08:45:06.561root 11241100x80000000000000001746956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.561{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50132e6263bf83952022-02-14 08:45:06.561root 11241100x80000000000000001746957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.561{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb81185f9c498b92022-02-14 08:45:06.561root 11241100x80000000000000001746958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.561{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f21c3b8fd55a852022-02-14 08:45:06.561root 11241100x80000000000000001746959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.561{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2816833babe6342022-02-14 08:45:06.561root 11241100x80000000000000001746960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.561{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eae9d5ad8ade80e2022-02-14 08:45:06.561root 11241100x80000000000000001746961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.561{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31f7bafa6fad7b72022-02-14 08:45:06.561root 11241100x80000000000000001746962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.561{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368bbe63a6db45f42022-02-14 08:45:06.561root 11241100x80000000000000001746963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.561{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e57619e386aa372022-02-14 08:45:06.561root 11241100x80000000000000001746964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.563{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d24fb854e05de02022-02-14 08:45:06.563root 11241100x80000000000000001746965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.563{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda7dd812863a8372022-02-14 08:45:06.563root 11241100x80000000000000001746966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.563{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ca78b3a7898c002022-02-14 08:45:06.563root 11241100x80000000000000001746967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.563{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a96165bcbd36822022-02-14 08:45:06.563root 11241100x80000000000000001746968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.564{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8791ca23744a44e52022-02-14 08:45:06.564root 11241100x80000000000000001746969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.564{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d22b9edc8551bb2022-02-14 08:45:06.564root 11241100x80000000000000001746970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.564{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305514e81a4dce322022-02-14 08:45:06.564root 11241100x80000000000000001746971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.564{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd97a6657413e272022-02-14 08:45:06.564root 11241100x80000000000000001746972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.564{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7447d3d20bd805f72022-02-14 08:45:06.564root 11241100x80000000000000001746973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.564{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2000a38be0918d2022-02-14 08:45:06.564root 11241100x80000000000000001746974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.564{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a1ee92658a431f2022-02-14 08:45:06.564root 11241100x80000000000000001746975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.564{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8626b68601250972022-02-14 08:45:06.564root 11241100x80000000000000001746976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.564{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b69c1d51beea6282022-02-14 08:45:06.564root 11241100x80000000000000001746977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.564{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d9ffd5efc55e112022-02-14 08:45:06.564root 11241100x80000000000000001746978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.565{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654e92e73ce922532022-02-14 08:45:06.565root 11241100x80000000000000001746979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.565{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ec8d0cb8bca9cd2022-02-14 08:45:06.565root 11241100x80000000000000001746980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.565{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd31bb220acacb72022-02-14 08:45:06.565root 11241100x80000000000000001746981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.565{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6322e0541e6992e22022-02-14 08:45:06.565root 11241100x80000000000000001746982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.565{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6080e860f86b35c2022-02-14 08:45:06.565root 11241100x80000000000000001746983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.565{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538310fcfdc581372022-02-14 08:45:06.565root 11241100x80000000000000001746984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.565{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636eb6e7d8f4889c2022-02-14 08:45:06.565root 11241100x80000000000000001746985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.566{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfedd74eb0f0d1242022-02-14 08:45:06.566root 11241100x80000000000000001746986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.566{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741a38e74fdd5f172022-02-14 08:45:06.566root 11241100x80000000000000001746987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.566{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f9db62dd01fe932022-02-14 08:45:06.566root 11241100x80000000000000001746988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.566{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4995d10d05ae23ca2022-02-14 08:45:06.566root 11241100x80000000000000001746989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.566{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b32cf935d715352022-02-14 08:45:06.566root 11241100x80000000000000001746990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.566{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cad4d31b314728b2022-02-14 08:45:06.566root 11241100x80000000000000001746991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.566{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6054ef03cb0e31492022-02-14 08:45:06.566root 11241100x80000000000000001746992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.566{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0f8d322d3f49e72022-02-14 08:45:06.566root 11241100x80000000000000001746993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.566{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14bace1a40015572022-02-14 08:45:06.566root 11241100x80000000000000001746994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.566{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8241acc1fe8f108a2022-02-14 08:45:06.566root 11241100x80000000000000001746995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.566{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88d211732375b202022-02-14 08:45:06.566root 11241100x80000000000000001746996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.566{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35b98736f165a872022-02-14 08:45:06.566root 11241100x80000000000000001746997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.566{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009dc0796aac42f82022-02-14 08:45:06.566root 11241100x80000000000000001746998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.566{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63242998c05898282022-02-14 08:45:06.566root 11241100x80000000000000001746999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.567{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e583910292fee9dd2022-02-14 08:45:06.567root 11241100x80000000000000001747000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.567{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1456e8a0c64646b2022-02-14 08:45:06.567root 11241100x80000000000000001747001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.567{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e40aa78a1c3dcd2022-02-14 08:45:06.567root 11241100x80000000000000001747002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.567{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6544371c12833c802022-02-14 08:45:06.567root 11241100x80000000000000001747003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.567{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d198b40f9b0efa952022-02-14 08:45:06.567root 11241100x80000000000000001747004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.567{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b3c9dd9ce14b4c2022-02-14 08:45:06.567root 11241100x80000000000000001747005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.567{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c1b018d9b199fe2022-02-14 08:45:06.567root 11241100x80000000000000001747006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.567{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470deb58ddc408eb2022-02-14 08:45:06.567root 11241100x80000000000000001747007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.567{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a22feb53364d062022-02-14 08:45:06.567root 11241100x80000000000000001747008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.567{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85763219a5e64f72022-02-14 08:45:06.567root 11241100x80000000000000001747009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.567{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708bfdae7b968fbe2022-02-14 08:45:06.567root 11241100x80000000000000001747010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.567{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7e9e74415ac9c52022-02-14 08:45:06.567root 11241100x80000000000000001747011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.567{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b660871bec083d2022-02-14 08:45:06.567root 11241100x80000000000000001747012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.567{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9e4274dca180362022-02-14 08:45:06.567root 11241100x80000000000000001747013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.567{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7568bf1f5522b5042022-02-14 08:45:06.567root 11241100x80000000000000001747014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.567{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35922c5e34c1161b2022-02-14 08:45:06.567root 11241100x80000000000000001747015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.567{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0ab25312c75e5d2022-02-14 08:45:06.567root 11241100x80000000000000001747016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.568{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98da9e979dc269112022-02-14 08:45:06.568root 11241100x80000000000000001747017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.568{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c702de674b457752022-02-14 08:45:06.568root 11241100x80000000000000001747018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.568{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74e91e469e082b52022-02-14 08:45:06.568root 11241100x80000000000000001747019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.568{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa08cccacff72752022-02-14 08:45:06.568root 11241100x80000000000000001747020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.569{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9796fb86def37d142022-02-14 08:45:06.569root 11241100x80000000000000001747021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.569{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b86ed75e07187152022-02-14 08:45:06.569root 11241100x80000000000000001747022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.570{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cd7c57cd01fb992022-02-14 08:45:06.570root 11241100x80000000000000001747023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.570{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322cfc09f8af59d72022-02-14 08:45:06.570root 11241100x80000000000000001747024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.570{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc1834cc05b514e2022-02-14 08:45:06.570root 11241100x80000000000000001747025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.570{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395eeaffe0cb170f2022-02-14 08:45:06.570root 11241100x80000000000000001747026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.570{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ddff03ddbc49412022-02-14 08:45:06.570root 11241100x80000000000000001747027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.570{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240100520920b3252022-02-14 08:45:06.570root 11241100x80000000000000001747028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.570{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80008bd2692521a72022-02-14 08:45:06.570root 11241100x80000000000000001747029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.570{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c44cb6b165cba6e2022-02-14 08:45:06.570root 11241100x80000000000000001747030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.570{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37588a48feda87b02022-02-14 08:45:06.570root 11241100x80000000000000001747031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.570{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8a8571141c8fbd2022-02-14 08:45:06.570root 11241100x80000000000000001747032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.570{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216db13d1bb8ffbc2022-02-14 08:45:06.570root 11241100x80000000000000001747033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.570{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a673a5e72c197202022-02-14 08:45:06.570root 11241100x80000000000000001747034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:06.570{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ac7e50f39d430a2022-02-14 08:45:06.570root 354300x80000000000000001747035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.167{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51504-false10.0.1.12-8000- 11241100x80000000000000001747036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.328{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79e534a85c604b62022-02-14 08:45:07.328root 11241100x80000000000000001747037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.329{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf58a29fd8cdc892022-02-14 08:45:07.329root 11241100x80000000000000001747038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.329{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30bdaca1f54fd972022-02-14 08:45:07.329root 11241100x80000000000000001747039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.329{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca477ebb54794602022-02-14 08:45:07.329root 11241100x80000000000000001747040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.329{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db7368c1106561f2022-02-14 08:45:07.329root 11241100x80000000000000001747041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.329{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b11545675622d232022-02-14 08:45:07.329root 11241100x80000000000000001747042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.329{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0dd917fa773531b2022-02-14 08:45:07.329root 11241100x80000000000000001747043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.329{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a66d49940e078082022-02-14 08:45:07.329root 11241100x80000000000000001747044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.329{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e642312476d75c2022-02-14 08:45:07.329root 11241100x80000000000000001747045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.329{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ce2fef4e6943312022-02-14 08:45:07.329root 11241100x80000000000000001747046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.329{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d17384161b445562022-02-14 08:45:07.329root 11241100x80000000000000001747047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.330{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6023ad354ab6432022-02-14 08:45:07.330root 11241100x80000000000000001747048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.330{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020c40cff4c2f7102022-02-14 08:45:07.330root 11241100x80000000000000001747049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.330{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5660863d8109a6c02022-02-14 08:45:07.330root 11241100x80000000000000001747050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.330{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707c4e2c2cb3dded2022-02-14 08:45:07.330root 11241100x80000000000000001747051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.330{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6189a49af15eafba2022-02-14 08:45:07.330root 11241100x80000000000000001747052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.330{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6dce791672bb0b2022-02-14 08:45:07.330root 11241100x80000000000000001747053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.330{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafe0cd001e275792022-02-14 08:45:07.330root 11241100x80000000000000001747054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.330{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1ea0cb2f22cb492022-02-14 08:45:07.330root 11241100x80000000000000001747055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.330{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4b9226109727072022-02-14 08:45:07.330root 11241100x80000000000000001747056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.330{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac1ee7f1f94d9b72022-02-14 08:45:07.330root 11241100x80000000000000001747057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.331{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cee3bcf12d8786a2022-02-14 08:45:07.331root 11241100x80000000000000001747058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.331{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b042b29835a7c92022-02-14 08:45:07.331root 11241100x80000000000000001747059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.331{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e59829f60552a662022-02-14 08:45:07.331root 11241100x80000000000000001747060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.331{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0795e3d34f8e642022-02-14 08:45:07.331root 11241100x80000000000000001747061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.331{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e58cbda879565e2022-02-14 08:45:07.331root 11241100x80000000000000001747062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.332{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0839ad52fa83a0b2022-02-14 08:45:07.332root 11241100x80000000000000001747063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.332{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929d44e95d590dda2022-02-14 08:45:07.332root 11241100x80000000000000001747064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.332{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a44dadb758604872022-02-14 08:45:07.332root 11241100x80000000000000001747065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.332{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dff7617b9b313932022-02-14 08:45:07.332root 11241100x80000000000000001747066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.332{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127e84c3e1b0061b2022-02-14 08:45:07.332root 11241100x80000000000000001747067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.333{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9527d6f49eee222022-02-14 08:45:07.333root 11241100x80000000000000001747068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.333{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b440270247a70c92022-02-14 08:45:07.333root 11241100x80000000000000001747069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.333{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6bde58a37910672022-02-14 08:45:07.333root 11241100x80000000000000001747070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.333{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717170d51582f5682022-02-14 08:45:07.333root 11241100x80000000000000001747071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.333{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c1b2c81df5a1422022-02-14 08:45:07.333root 11241100x80000000000000001747072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.333{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e37d415437785d2022-02-14 08:45:07.333root 11241100x80000000000000001747073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.333{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e994cb5e856d730e2022-02-14 08:45:07.333root 11241100x80000000000000001747074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.333{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95138c01a0d025fb2022-02-14 08:45:07.333root 11241100x80000000000000001747075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.334{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac44ca7dca9782052022-02-14 08:45:07.334root 11241100x80000000000000001747076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.334{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24aaad9dd30ee8e2022-02-14 08:45:07.334root 11241100x80000000000000001747077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.334{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962dfa41e5e598e12022-02-14 08:45:07.334root 11241100x80000000000000001747078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.334{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415d8d6164bca6ec2022-02-14 08:45:07.334root 11241100x80000000000000001747079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.334{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368ed8cdbc253d002022-02-14 08:45:07.334root 11241100x80000000000000001747080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.334{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762e86efa7c9b2002022-02-14 08:45:07.334root 11241100x80000000000000001747081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.334{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a159eada20e99eaf2022-02-14 08:45:07.334root 11241100x80000000000000001747082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.334{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c41a6d342dc67412022-02-14 08:45:07.334root 11241100x80000000000000001747083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.334{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e605beb52646e47c2022-02-14 08:45:07.334root 11241100x80000000000000001747084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.334{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de14cc28e0bd07a2022-02-14 08:45:07.334root 11241100x80000000000000001747085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.334{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c869e06e92892d882022-02-14 08:45:07.334root 11241100x80000000000000001747086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.335{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea05c39107cec722022-02-14 08:45:07.335root 11241100x80000000000000001747087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.335{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5217695d1d132aa92022-02-14 08:45:07.335root 11241100x80000000000000001747088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.335{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daf1644164617992022-02-14 08:45:07.335root 11241100x80000000000000001747089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.335{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54e19000691ce9a2022-02-14 08:45:07.335root 11241100x80000000000000001747090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.335{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3136148032473ca2022-02-14 08:45:07.335root 11241100x80000000000000001747091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.335{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbd0d98874e19c12022-02-14 08:45:07.335root 11241100x80000000000000001747092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.335{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623b497ba1fae7a22022-02-14 08:45:07.335root 11241100x80000000000000001747093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.335{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d1b091584e99192022-02-14 08:45:07.335root 11241100x80000000000000001747094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.335{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e40ccace560d432022-02-14 08:45:07.335root 11241100x80000000000000001747095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.335{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2d1476bead3a162022-02-14 08:45:07.335root 11241100x80000000000000001747096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.335{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda9469aa1f0bffd2022-02-14 08:45:07.335root 11241100x80000000000000001747097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.335{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae03d82af0143c512022-02-14 08:45:07.335root 11241100x80000000000000001747098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.336{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7ee0d1d154c36e2022-02-14 08:45:07.336root 11241100x80000000000000001747099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.336{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851afbbc212280a92022-02-14 08:45:07.336root 11241100x80000000000000001747100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.336{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8134fa2ca44894182022-02-14 08:45:07.336root 11241100x80000000000000001747101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.336{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96591b4e2b3110e22022-02-14 08:45:07.336root 11241100x80000000000000001747102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.336{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d098a0255a3163592022-02-14 08:45:07.336root 11241100x80000000000000001747103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.336{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2716f006934dfe5d2022-02-14 08:45:07.336root 11241100x80000000000000001747104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.336{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca86c146d99016dc2022-02-14 08:45:07.336root 11241100x80000000000000001747105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.336{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858d8ed9aaed2bc42022-02-14 08:45:07.336root 11241100x80000000000000001747106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.336{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a720fcfc66db1b2022-02-14 08:45:07.336root 11241100x80000000000000001747107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.336{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f379e525213251982022-02-14 08:45:07.336root 11241100x80000000000000001747108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.337{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6143e5b26ba08b1e2022-02-14 08:45:07.337root 11241100x80000000000000001747109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.337{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6dccba89971e582022-02-14 08:45:07.337root 11241100x80000000000000001747110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.337{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e2538499888ebf2022-02-14 08:45:07.337root 11241100x80000000000000001747111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.337{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b39bd4a1acb62fb2022-02-14 08:45:07.337root 11241100x80000000000000001747112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.337{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5256bba2937a922022-02-14 08:45:07.337root 11241100x80000000000000001747113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.337{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47f1a9be9ae20152022-02-14 08:45:07.337root 11241100x80000000000000001747114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.337{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f36da15a29e99f2022-02-14 08:45:07.337root 11241100x80000000000000001747115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.337{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d0d8c7b45f9a222022-02-14 08:45:07.337root 11241100x80000000000000001747116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.337{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60959318b921bf1a2022-02-14 08:45:07.337root 11241100x80000000000000001747117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.338{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd6456cd1029db32022-02-14 08:45:07.338root 11241100x80000000000000001747118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.338{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405e621f0d2540622022-02-14 08:45:07.338root 11241100x80000000000000001747119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.338{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700cff97c4c007772022-02-14 08:45:07.338root 11241100x80000000000000001747120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.338{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef7e0772f5ee2322022-02-14 08:45:07.338root 11241100x80000000000000001747121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.338{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f72b38ae3b330a2022-02-14 08:45:07.338root 11241100x80000000000000001747122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.338{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b9c7944f51f73f2022-02-14 08:45:07.338root 11241100x80000000000000001747123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.338{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73b228d532dea6a2022-02-14 08:45:07.338root 11241100x80000000000000001747124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.338{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5a48edad7da89d2022-02-14 08:45:07.338root 11241100x80000000000000001747125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.338{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a981841db242fd232022-02-14 08:45:07.338root 11241100x80000000000000001747126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.338{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7eee04f57da53282022-02-14 08:45:07.338root 11241100x80000000000000001747127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.339{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094869e9cb45f3222022-02-14 08:45:07.339root 11241100x80000000000000001747128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.339{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e28df2cdfb3f8972022-02-14 08:45:07.339root 11241100x80000000000000001747129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.339{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208eab18ebbc3c5b2022-02-14 08:45:07.339root 11241100x80000000000000001747130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.339{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06bf70c0a1c5c9e2022-02-14 08:45:07.339root 11241100x80000000000000001747131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.339{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ab180d9ab932602022-02-14 08:45:07.339root 11241100x80000000000000001747132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.339{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce5f2cb650074402022-02-14 08:45:07.339root 11241100x80000000000000001747133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.339{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fca27b9cf7d89c2022-02-14 08:45:07.339root 11241100x80000000000000001747134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.339{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b60790af45212102022-02-14 08:45:07.339root 11241100x80000000000000001747135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.339{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb837dc7b8ce0c782022-02-14 08:45:07.339root 11241100x80000000000000001747136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.339{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85098c56ed853de82022-02-14 08:45:07.339root 11241100x80000000000000001747137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.340{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d00b6e8858fd642022-02-14 08:45:07.340root 11241100x80000000000000001747138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.340{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472b7bdf4ed6e4792022-02-14 08:45:07.340root 11241100x80000000000000001747139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.340{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ed02ee96a2c01c2022-02-14 08:45:07.340root 11241100x80000000000000001747140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.340{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810d806cd97f31e12022-02-14 08:45:07.340root 11241100x80000000000000001747141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.340{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589c9ba5f8ccd7852022-02-14 08:45:07.340root 11241100x80000000000000001747142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.340{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af39e165da3db672022-02-14 08:45:07.340root 11241100x80000000000000001747143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.340{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0eec0aec2fd47a72022-02-14 08:45:07.340root 11241100x80000000000000001747144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.340{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e18afb15da358f2022-02-14 08:45:07.340root 11241100x80000000000000001747145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.340{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7f36fcaf0349292022-02-14 08:45:07.340root 11241100x80000000000000001747146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.341{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0d9a7b832972012022-02-14 08:45:07.341root 11241100x80000000000000001747147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.341{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae8100e8256252a2022-02-14 08:45:07.341root 11241100x80000000000000001747148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.341{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee2998d255506e52022-02-14 08:45:07.341root 11241100x80000000000000001747149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.341{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0229aa038339452022-02-14 08:45:07.341root 11241100x80000000000000001747150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.341{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d98f0b9837689d2022-02-14 08:45:07.341root 11241100x80000000000000001747151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.341{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89513a034aa6f9e22022-02-14 08:45:07.341root 11241100x80000000000000001747152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.341{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e1425671ee91872022-02-14 08:45:07.341root 11241100x80000000000000001747153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.341{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a51a56a707a32932022-02-14 08:45:07.341root 11241100x80000000000000001747154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.342{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8222fe2918141dcd2022-02-14 08:45:07.342root 11241100x80000000000000001747155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.342{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eafcb412adcb3162022-02-14 08:45:07.342root 11241100x80000000000000001747156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.342{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e6bfe2bd2daecd2022-02-14 08:45:07.342root 11241100x80000000000000001747157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.342{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66985ea57717f0222022-02-14 08:45:07.342root 11241100x80000000000000001747158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.342{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07dd13190480a4a12022-02-14 08:45:07.342root 11241100x80000000000000001747159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.342{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18a5a2c910377852022-02-14 08:45:07.342root 11241100x80000000000000001747160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.342{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383daccdb8dcc05b2022-02-14 08:45:07.342root 11241100x80000000000000001747161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.342{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75335fdea0672a252022-02-14 08:45:07.342root 11241100x80000000000000001747162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.343{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e33326f4bf78612022-02-14 08:45:07.343root 11241100x80000000000000001747163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.343{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d0c08c4e8175d22022-02-14 08:45:07.343root 11241100x80000000000000001747164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.343{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd32d10c782b3b472022-02-14 08:45:07.343root 11241100x80000000000000001747165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.343{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f281ea332bbb1d2022-02-14 08:45:07.343root 11241100x80000000000000001747166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.343{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c575e7ff781fbd2022-02-14 08:45:07.343root 11241100x80000000000000001747167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.343{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd99b21e96c6ab0f2022-02-14 08:45:07.343root 11241100x80000000000000001747168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.343{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f018450380d13742022-02-14 08:45:07.343root 11241100x80000000000000001747169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.343{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02418fdbff5109a52022-02-14 08:45:07.343root 11241100x80000000000000001747170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.343{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c63a3ec54636b8b2022-02-14 08:45:07.343root 11241100x80000000000000001747171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.344{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c4b13084b8607b2022-02-14 08:45:07.344root 11241100x80000000000000001747172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.344{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721ddce047fd836f2022-02-14 08:45:07.344root 11241100x80000000000000001747173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.344{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cfa2d257492ae92022-02-14 08:45:07.344root 11241100x80000000000000001747174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.344{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b6e534df559d492022-02-14 08:45:07.344root 11241100x80000000000000001747175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.344{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e76810c58068b92022-02-14 08:45:07.344root 11241100x80000000000000001747176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.344{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e97fe4ef49543002022-02-14 08:45:07.344root 11241100x80000000000000001747177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.344{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3a6a7af3c7ba062022-02-14 08:45:07.344root 11241100x80000000000000001747178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.344{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd7364e9117b70a2022-02-14 08:45:07.344root 11241100x80000000000000001747179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.345{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652f1938a44cdaa72022-02-14 08:45:07.345root 11241100x80000000000000001747180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.345{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53507879565f0fd82022-02-14 08:45:07.345root 11241100x80000000000000001747181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.345{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc14ba9749e309752022-02-14 08:45:07.345root 11241100x80000000000000001747182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.345{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98d9fbdcb6c15c22022-02-14 08:45:07.345root 11241100x80000000000000001747183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.345{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b043f0bfbdfc6a2022-02-14 08:45:07.345root 11241100x80000000000000001747184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.345{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14945de9617f50db2022-02-14 08:45:07.345root 11241100x80000000000000001747185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.345{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce952cbd577b15a2022-02-14 08:45:07.345root 11241100x80000000000000001747186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.345{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c4018df73305972022-02-14 08:45:07.345root 11241100x80000000000000001747187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.345{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681d477109c2be0a2022-02-14 08:45:07.345root 11241100x80000000000000001747188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.345{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f5b1961136b7b32022-02-14 08:45:07.345root 11241100x80000000000000001747189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.346{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f5ecb7b5cb6f432022-02-14 08:45:07.346root 11241100x80000000000000001747190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.346{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d1a69b58a069922022-02-14 08:45:07.346root 11241100x80000000000000001747191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.347{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7701d73b7db9bdc92022-02-14 08:45:07.347root 11241100x80000000000000001747192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.347{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baaadf0b1892205a2022-02-14 08:45:07.347root 11241100x80000000000000001747193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.347{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e924c520d609aa2022-02-14 08:45:07.347root 11241100x80000000000000001747194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.347{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05332701a1708d782022-02-14 08:45:07.347root 11241100x80000000000000001747195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.347{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731e88ef46411c7b2022-02-14 08:45:07.347root 11241100x80000000000000001747196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.348{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a62ec7bc201e9c82022-02-14 08:45:07.348root 11241100x80000000000000001747197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.348{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ceddecf4b394902022-02-14 08:45:07.348root 11241100x80000000000000001747198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.348{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a7bdc0291537f72022-02-14 08:45:07.348root 11241100x80000000000000001747199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.348{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00ffa8a55adb3662022-02-14 08:45:07.348root 11241100x80000000000000001747200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.348{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988bcf9ef820c2e92022-02-14 08:45:07.348root 11241100x80000000000000001747201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.348{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af0edceb5935da12022-02-14 08:45:07.348root 11241100x80000000000000001747202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.348{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cf6e9f689a57222022-02-14 08:45:07.348root 11241100x80000000000000001747203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.348{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8164e4b3fd57f3f22022-02-14 08:45:07.348root 11241100x80000000000000001747204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.348{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45f2ef7382849d32022-02-14 08:45:07.348root 11241100x80000000000000001747205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.348{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c855198de30d853e2022-02-14 08:45:07.348root 11241100x80000000000000001747206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.348{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9173f08233e4c42022-02-14 08:45:07.348root 11241100x80000000000000001747207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.348{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea9130597e8ab6b2022-02-14 08:45:07.348root 11241100x80000000000000001747208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.348{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05409eb6c5de81c2022-02-14 08:45:07.348root 11241100x80000000000000001747209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.348{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49ff9b5fa3d4e272022-02-14 08:45:07.348root 11241100x80000000000000001747210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.349{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4d29276391d9572022-02-14 08:45:07.349root 11241100x80000000000000001747211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.349{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6813533437452cd32022-02-14 08:45:07.349root 11241100x80000000000000001747212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.349{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a943ef26aa53895e2022-02-14 08:45:07.349root 11241100x80000000000000001747213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.349{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1308e6ec8bf386072022-02-14 08:45:07.349root 11241100x80000000000000001747214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.349{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4211af69642cfbcc2022-02-14 08:45:07.349root 11241100x80000000000000001747215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.349{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd543563997de0452022-02-14 08:45:07.349root 11241100x80000000000000001747216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.349{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdc92b0d4d6cffa2022-02-14 08:45:07.349root 11241100x80000000000000001747217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.349{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16832f9c88ed059c2022-02-14 08:45:07.349root 11241100x80000000000000001747218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.349{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793c2fa56a93c0952022-02-14 08:45:07.349root 11241100x80000000000000001747219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.349{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01078ba04ce7226d2022-02-14 08:45:07.349root 11241100x80000000000000001747220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.349{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4810e4a824ac55302022-02-14 08:45:07.349root 11241100x80000000000000001747221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.350{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9586eaf0c0eeb8a72022-02-14 08:45:07.350root 11241100x80000000000000001747222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.350{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0bdd94414ecaa12022-02-14 08:45:07.350root 11241100x80000000000000001747223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.350{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1ef00d66a23c342022-02-14 08:45:07.350root 11241100x80000000000000001747224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.350{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a121a5d22cc5ecfd2022-02-14 08:45:07.350root 11241100x80000000000000001747225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.350{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708bdefa434bc19d2022-02-14 08:45:07.350root 11241100x80000000000000001747226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.350{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1db31d7e09448f2022-02-14 08:45:07.350root 11241100x80000000000000001747227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.350{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018d8365bdf9d40b2022-02-14 08:45:07.350root 11241100x80000000000000001747228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.351{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa677bccc5bd0d32022-02-14 08:45:07.351root 11241100x80000000000000001747229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.351{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d555e5ff0923635c2022-02-14 08:45:07.351root 154100x80000000000000001747230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.443{ec2ab09f-1693-620a-08d6-f4105b550000}2025/usr/bin/clear-----clear/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{ec2ab09f-1691-620a-0814-31b1c5550000}2004/bin/bash-bashubuntu 534500x80000000000000001747231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:07.445{ec2ab09f-1693-620a-08d6-f4105b550000}2025/usr/bin/clearubuntu 11241100x80000000000000001747232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.101{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3202f6c8537ca5482022-02-14 08:45:08.101root 11241100x80000000000000001747233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.101{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8edbb3b0fc56202022-02-14 08:45:08.101root 11241100x80000000000000001747234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.101{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627360b6c99436292022-02-14 08:45:08.101root 11241100x80000000000000001747235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.101{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9383571eeffafcec2022-02-14 08:45:08.101root 11241100x80000000000000001747236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.102{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1f17fa17bc1d912022-02-14 08:45:08.102root 11241100x80000000000000001747237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.102{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c99298dcc79e8a02022-02-14 08:45:08.102root 11241100x80000000000000001747238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.102{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a997493186b782592022-02-14 08:45:08.102root 11241100x80000000000000001747239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.102{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356471c0548e900c2022-02-14 08:45:08.102root 11241100x80000000000000001747240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.102{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7cd4159edf08c92022-02-14 08:45:08.102root 11241100x80000000000000001747241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.102{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142968fc8a816ee72022-02-14 08:45:08.102root 11241100x80000000000000001747242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129e2c954882103e2022-02-14 08:45:08.103root 11241100x80000000000000001747243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5096860fe0030e3c2022-02-14 08:45:08.103root 11241100x80000000000000001747244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b091afd5a3a7131a2022-02-14 08:45:08.103root 11241100x80000000000000001747245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db58071dafe9e30b2022-02-14 08:45:08.103root 11241100x80000000000000001747246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e17fe98b8826702022-02-14 08:45:08.103root 11241100x80000000000000001747247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb474b49432b3e962022-02-14 08:45:08.103root 11241100x80000000000000001747248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44eb67c3c1bb58832022-02-14 08:45:08.105root 11241100x80000000000000001747249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b696f49bf9fda52022-02-14 08:45:08.105root 11241100x80000000000000001747250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6209150b10aa36832022-02-14 08:45:08.105root 11241100x80000000000000001747251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882a5d7063ae71932022-02-14 08:45:08.105root 11241100x80000000000000001747252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa829e7dbc6763792022-02-14 08:45:08.106root 11241100x80000000000000001747253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284e5bd5767afbf32022-02-14 08:45:08.106root 11241100x80000000000000001747254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a521058a3b0c8e2022-02-14 08:45:08.107root 11241100x80000000000000001747255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47eda33cafa8af22022-02-14 08:45:08.107root 11241100x80000000000000001747256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e367f426bec1987c2022-02-14 08:45:08.107root 11241100x80000000000000001747257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b544e0f0473b50702022-02-14 08:45:08.107root 11241100x80000000000000001747258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5401657073b30c82022-02-14 08:45:08.107root 11241100x80000000000000001747259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb3db81ae2e21802022-02-14 08:45:08.108root 11241100x80000000000000001747260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b94d09b5621fd02022-02-14 08:45:08.108root 11241100x80000000000000001747261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9708fb100a84a8f32022-02-14 08:45:08.108root 11241100x80000000000000001747262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5232a89dff1d302022-02-14 08:45:08.108root 11241100x80000000000000001747263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c870b2e39ff968482022-02-14 08:45:08.108root 11241100x80000000000000001747264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d377b3d4b919a342022-02-14 08:45:08.108root 11241100x80000000000000001747265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0508ab6b944ea9122022-02-14 08:45:08.108root 11241100x80000000000000001747266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561f92c8c4924c8e2022-02-14 08:45:08.108root 11241100x80000000000000001747267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d9f7375bd9d1fb2022-02-14 08:45:08.109root 11241100x80000000000000001747268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95fcf7530107c482022-02-14 08:45:08.109root 11241100x80000000000000001747269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d402566aeeafda2022-02-14 08:45:08.109root 11241100x80000000000000001747270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99701fddd91bbe52022-02-14 08:45:08.109root 11241100x80000000000000001747271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3411b87ea4e76a5c2022-02-14 08:45:08.109root 11241100x80000000000000001747272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f967dea2254a8f4c2022-02-14 08:45:08.109root 11241100x80000000000000001747273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3eb54f44f1d7cb2022-02-14 08:45:08.109root 11241100x80000000000000001747274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e671624cfba7a7b2022-02-14 08:45:08.110root 11241100x80000000000000001747275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c6b84176e33b812022-02-14 08:45:08.110root 11241100x80000000000000001747276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301fe34793e6235a2022-02-14 08:45:08.110root 11241100x80000000000000001747277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22fceb2c911db072022-02-14 08:45:08.110root 11241100x80000000000000001747278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cfe5e9cf0a724d2022-02-14 08:45:08.110root 11241100x80000000000000001747279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ed980ac7118e022022-02-14 08:45:08.110root 11241100x80000000000000001747280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12884d969839b47b2022-02-14 08:45:08.110root 11241100x80000000000000001747281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb7081be30b80c52022-02-14 08:45:08.110root 11241100x80000000000000001747282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fafcc53fdf58fbc2022-02-14 08:45:08.111root 11241100x80000000000000001747283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42cace42bc369612022-02-14 08:45:08.111root 11241100x80000000000000001747284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3e2a29a3f63e3a2022-02-14 08:45:08.111root 11241100x80000000000000001747285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbe43e1f266bed22022-02-14 08:45:08.111root 11241100x80000000000000001747286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0401a133d45751ce2022-02-14 08:45:08.111root 11241100x80000000000000001747287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1950ef526d2b2bc2022-02-14 08:45:08.111root 11241100x80000000000000001747288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02ded490e6b28b02022-02-14 08:45:08.111root 11241100x80000000000000001747289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ae6e9612c8e4702022-02-14 08:45:08.112root 11241100x80000000000000001747290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141ea19efa5c43502022-02-14 08:45:08.112root 11241100x80000000000000001747291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70489f47f91fe2532022-02-14 08:45:08.112root 11241100x80000000000000001747292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f909318ca22a432022-02-14 08:45:08.112root 11241100x80000000000000001747293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f803aa6cc9cbfded2022-02-14 08:45:08.112root 11241100x80000000000000001747294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b731cd8b227e7372022-02-14 08:45:08.112root 11241100x80000000000000001747295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad27f0778a47f2d2022-02-14 08:45:08.113root 11241100x80000000000000001747296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f73ecbd955f0862022-02-14 08:45:08.113root 11241100x80000000000000001747297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d712cab8d5cfab2022-02-14 08:45:08.113root 11241100x80000000000000001747298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e19145f18ac19092022-02-14 08:45:08.113root 11241100x80000000000000001747299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971baef990ce46682022-02-14 08:45:08.113root 11241100x80000000000000001747300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283973ee9ba2fb672022-02-14 08:45:08.113root 11241100x80000000000000001747301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f2f1a67f313a562022-02-14 08:45:08.113root 11241100x80000000000000001747302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2611a4f8582512a72022-02-14 08:45:08.114root 11241100x80000000000000001747303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835b78d9cdc9de442022-02-14 08:45:08.114root 11241100x80000000000000001747304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d3a046c18f4e4d2022-02-14 08:45:08.114root 11241100x80000000000000001747305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7db6b65b156d422022-02-14 08:45:08.114root 11241100x80000000000000001747306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c514b41708d5f612022-02-14 08:45:08.114root 11241100x80000000000000001747307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4caac93e7c377ac2022-02-14 08:45:08.114root 11241100x80000000000000001747308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f41ad7e5ba963a42022-02-14 08:45:08.114root 11241100x80000000000000001747309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b75fe7a5b85e1832022-02-14 08:45:08.114root 11241100x80000000000000001747310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.115{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b0fcfb73fee8592022-02-14 08:45:08.115root 11241100x80000000000000001747311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.115{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5d5cc0bf0c95522022-02-14 08:45:08.115root 11241100x80000000000000001747312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.115{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13663fc4350ffa82022-02-14 08:45:08.115root 11241100x80000000000000001747313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.115{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c395aca6f1db24872022-02-14 08:45:08.115root 11241100x80000000000000001747314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.115{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97d8908a14c33c02022-02-14 08:45:08.115root 11241100x80000000000000001747315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.116{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ae2cd6c66ba23f2022-02-14 08:45:08.116root 11241100x80000000000000001747316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.116{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1198c8022a74a9772022-02-14 08:45:08.116root 11241100x80000000000000001747317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.116{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c741a8b099cc6962022-02-14 08:45:08.116root 11241100x80000000000000001747318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.116{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d3f427a65e85662022-02-14 08:45:08.116root 11241100x80000000000000001747319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.116{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8256fcc72c7da92022-02-14 08:45:08.116root 11241100x80000000000000001747320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.116{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb97785e8553d2a2022-02-14 08:45:08.116root 11241100x80000000000000001747321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.116{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5d88a2986e4cb72022-02-14 08:45:08.116root 11241100x80000000000000001747322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.116{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f4a8d10fafa9272022-02-14 08:45:08.116root 11241100x80000000000000001747323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.117{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97383a3128ce4972022-02-14 08:45:08.117root 11241100x80000000000000001747324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.117{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9539610a2ef51e832022-02-14 08:45:08.117root 11241100x80000000000000001747325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.117{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912f9bd9934506832022-02-14 08:45:08.117root 11241100x80000000000000001747326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.117{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5377f10eb6cf8b32022-02-14 08:45:08.117root 11241100x80000000000000001747327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.117{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe411efadfa4b102022-02-14 08:45:08.117root 11241100x80000000000000001747328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.117{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a892efbb22adb60d2022-02-14 08:45:08.117root 11241100x80000000000000001747329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.117{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f7d44fe190d7a52022-02-14 08:45:08.117root 11241100x80000000000000001747330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.118{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e86e60e08eb86c2022-02-14 08:45:08.118root 11241100x80000000000000001747331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.118{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f052549a1f4ccbb2022-02-14 08:45:08.118root 11241100x80000000000000001747332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.118{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7302a1271863762022-02-14 08:45:08.118root 11241100x80000000000000001747333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.118{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158c4288849a19f12022-02-14 08:45:08.118root 11241100x80000000000000001747334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.118{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cfff52869060f12022-02-14 08:45:08.118root 11241100x80000000000000001747335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.118{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e6dcac28ba20fb2022-02-14 08:45:08.118root 11241100x80000000000000001747336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.118{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dccb1023b417f3a2022-02-14 08:45:08.118root 11241100x80000000000000001747337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.119{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ebadf33f744b722022-02-14 08:45:08.119root 11241100x80000000000000001747338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.119{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b7099b87e98d432022-02-14 08:45:08.119root 11241100x80000000000000001747339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.119{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5205df9b80427f2022-02-14 08:45:08.119root 11241100x80000000000000001747340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.119{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc967073601465b2022-02-14 08:45:08.119root 11241100x80000000000000001747341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.119{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb10fd2567b74aa2022-02-14 08:45:08.119root 11241100x80000000000000001747342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.119{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191ad9c4001fd6c02022-02-14 08:45:08.119root 11241100x80000000000000001747343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.119{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54f20e37dcc5bef2022-02-14 08:45:08.119root 11241100x80000000000000001747344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.120{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7674eddbf32fe3812022-02-14 08:45:08.120root 11241100x80000000000000001747345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.120{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e002ccdd443040e62022-02-14 08:45:08.120root 11241100x80000000000000001747346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.120{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1a58786965e7a22022-02-14 08:45:08.120root 11241100x80000000000000001747347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.120{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b8f1e871de362e2022-02-14 08:45:08.120root 11241100x80000000000000001747348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.120{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a92ee0fdb6effa2022-02-14 08:45:08.120root 11241100x80000000000000001747349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.120{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ab0a342b4b6a782022-02-14 08:45:08.120root 11241100x80000000000000001747350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.120{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94132116e64ca20d2022-02-14 08:45:08.120root 11241100x80000000000000001747351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.121{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985770af1e6d56ad2022-02-14 08:45:08.121root 11241100x80000000000000001747352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.121{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e445344ed6a5aa2c2022-02-14 08:45:08.121root 11241100x80000000000000001747353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.121{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d89ff1e54a067c62022-02-14 08:45:08.121root 11241100x80000000000000001747354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.121{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5f391417fd8e282022-02-14 08:45:08.121root 11241100x80000000000000001747355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.122{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e80e4f94a15731f2022-02-14 08:45:08.122root 11241100x80000000000000001747356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.122{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca681cb6a1548e912022-02-14 08:45:08.122root 11241100x80000000000000001747357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.122{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510804f5138efd262022-02-14 08:45:08.122root 11241100x80000000000000001747358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.122{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5dc8c7c18404e42022-02-14 08:45:08.122root 11241100x80000000000000001747359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.122{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bac6f65f42ce1712022-02-14 08:45:08.122root 11241100x80000000000000001747360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.122{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16327afb904713342022-02-14 08:45:08.122root 11241100x80000000000000001747361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.122{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b0b8cb20167e6e2022-02-14 08:45:08.122root 11241100x80000000000000001747362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.122{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8733a6d58b28a1472022-02-14 08:45:08.122root 11241100x80000000000000001747363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635ffa0ba2a302d12022-02-14 08:45:08.123root 11241100x80000000000000001747364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d174edff7005e12022-02-14 08:45:08.123root 11241100x80000000000000001747365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3caf10726e71a872022-02-14 08:45:08.123root 11241100x80000000000000001747366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f2f5b8d754dba62022-02-14 08:45:08.123root 11241100x80000000000000001747367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117011c3b8690ce52022-02-14 08:45:08.123root 11241100x80000000000000001747368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0586eb101c30529c2022-02-14 08:45:08.123root 11241100x80000000000000001747369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150539cd53a6a5732022-02-14 08:45:08.124root 11241100x80000000000000001747370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65cc600187ffbf62022-02-14 08:45:08.124root 11241100x80000000000000001747371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1717e0da1bf0e92022-02-14 08:45:08.124root 11241100x80000000000000001747372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73efe725bb1670412022-02-14 08:45:08.124root 11241100x80000000000000001747373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890d14d28a9732a72022-02-14 08:45:08.124root 11241100x80000000000000001747374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f264241ee3d7bce92022-02-14 08:45:08.124root 11241100x80000000000000001747375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbe542439a742f02022-02-14 08:45:08.124root 11241100x80000000000000001747376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.125{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3c7fdaa09f66d52022-02-14 08:45:08.125root 11241100x80000000000000001747377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.125{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9baedf5bc3ac44352022-02-14 08:45:08.125root 11241100x80000000000000001747378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.125{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8f9246fda9f0b52022-02-14 08:45:08.125root 11241100x80000000000000001747379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.125{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea10e0079fce73022022-02-14 08:45:08.125root 11241100x80000000000000001747380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.125{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b0856dbba6f8ac2022-02-14 08:45:08.125root 11241100x80000000000000001747381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685935946f2b88872022-02-14 08:45:08.126root 11241100x80000000000000001747382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388ce96d350146db2022-02-14 08:45:08.126root 11241100x80000000000000001747383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921a1815e669ca412022-02-14 08:45:08.126root 11241100x80000000000000001747384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58aac7b470827422022-02-14 08:45:08.126root 11241100x80000000000000001747385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44982c9354f584592022-02-14 08:45:08.126root 11241100x80000000000000001747386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5a1861afe0c54c2022-02-14 08:45:08.126root 11241100x80000000000000001747387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4286dddfa1111032022-02-14 08:45:08.126root 11241100x80000000000000001747388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae1284b6900b4c62022-02-14 08:45:08.126root 11241100x80000000000000001747389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108204cd6549d97d2022-02-14 08:45:08.127root 11241100x80000000000000001747390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81209d19445e19872022-02-14 08:45:08.127root 11241100x80000000000000001747391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31458e7457e11d82022-02-14 08:45:08.127root 11241100x80000000000000001747392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9807f38c300006d12022-02-14 08:45:08.127root 11241100x80000000000000001747393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5477000b64841cdd2022-02-14 08:45:08.127root 11241100x80000000000000001747394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f017bf6bce66052022-02-14 08:45:08.127root 11241100x80000000000000001747395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb024a71d4f422412022-02-14 08:45:08.127root 11241100x80000000000000001747396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b62871ddc493292022-02-14 08:45:08.128root 11241100x80000000000000001747397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8868900b788a692022-02-14 08:45:08.128root 11241100x80000000000000001747398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94b5a1c0eb0c6fc2022-02-14 08:45:08.128root 11241100x80000000000000001747399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e0ae4eafa258c42022-02-14 08:45:08.128root 11241100x80000000000000001747400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29eb30a7aa5e19fe2022-02-14 08:45:08.128root 11241100x80000000000000001747401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77f9def612873df2022-02-14 08:45:08.128root 11241100x80000000000000001747402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51228f942ce145e12022-02-14 08:45:08.128root 11241100x80000000000000001747403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0aefc950cfaaeed2022-02-14 08:45:08.128root 11241100x80000000000000001747404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.129{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d0a1082f31d60c2022-02-14 08:45:08.129root 11241100x80000000000000001747405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.129{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd63cc2ea81d7702022-02-14 08:45:08.129root 11241100x80000000000000001747406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.129{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ba7ab000bf59392022-02-14 08:45:08.129root 11241100x80000000000000001747407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.129{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22713cc22e7bacce2022-02-14 08:45:08.129root 11241100x80000000000000001747408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.129{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d161e8018636ec2022-02-14 08:45:08.129root 11241100x80000000000000001747409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.129{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d8a1b3d16889a72022-02-14 08:45:08.129root 11241100x80000000000000001747410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.129{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2082965e70a11e02022-02-14 08:45:08.129root 11241100x80000000000000001747411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.130{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1219c70623d186a92022-02-14 08:45:08.130root 11241100x80000000000000001747412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.130{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd203abc248009192022-02-14 08:45:08.130root 11241100x80000000000000001747413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.130{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddcdd0f8151a4372022-02-14 08:45:08.130root 11241100x80000000000000001747414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.130{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6955729b79dc1032022-02-14 08:45:08.130root 11241100x80000000000000001747415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.130{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0634df6441ab5bf42022-02-14 08:45:08.130root 11241100x80000000000000001747416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.130{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837835ab36813a212022-02-14 08:45:08.130root 11241100x80000000000000001747417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.130{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb35d0a6e10d57b2022-02-14 08:45:08.130root 11241100x80000000000000001747418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.130{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416fc9042826cf422022-02-14 08:45:08.130root 11241100x80000000000000001747419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e3bb01b6b0339e2022-02-14 08:45:08.131root 11241100x80000000000000001747420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585c0d6eccc6e9852022-02-14 08:45:08.131root 11241100x80000000000000001747421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf8d2cde4db33492022-02-14 08:45:08.131root 11241100x80000000000000001747422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.852{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2598a2fd212dd9c02022-02-14 08:45:08.852root 11241100x80000000000000001747423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.852{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ec929cd8652c172022-02-14 08:45:08.852root 11241100x80000000000000001747424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.853{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a558de3fe16e86072022-02-14 08:45:08.853root 11241100x80000000000000001747425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.853{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e79bfe1023ceef2022-02-14 08:45:08.853root 11241100x80000000000000001747426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.853{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95912e7b299b57322022-02-14 08:45:08.853root 11241100x80000000000000001747427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.853{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbbb211fa79cf952022-02-14 08:45:08.853root 11241100x80000000000000001747428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.853{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4491ed2e0da91782022-02-14 08:45:08.853root 11241100x80000000000000001747429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.853{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1befc49bdc22c72022-02-14 08:45:08.853root 11241100x80000000000000001747430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.854{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92836d373b1c9682022-02-14 08:45:08.854root 11241100x80000000000000001747431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.854{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b3beb434b3e9442022-02-14 08:45:08.854root 11241100x80000000000000001747432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.854{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485617b2f232300e2022-02-14 08:45:08.854root 11241100x80000000000000001747433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.854{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfed876a40ec2b02022-02-14 08:45:08.854root 11241100x80000000000000001747434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.854{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0f638f265c73012022-02-14 08:45:08.854root 11241100x80000000000000001747435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.854{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b608cd269eff7b2022-02-14 08:45:08.854root 11241100x80000000000000001747436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.854{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a106f50fef4b66ea2022-02-14 08:45:08.854root 11241100x80000000000000001747437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.855{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4c137c26bae1e32022-02-14 08:45:08.855root 11241100x80000000000000001747438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.855{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4a83e4f19e8b052022-02-14 08:45:08.855root 11241100x80000000000000001747439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.855{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42252f346b06762d2022-02-14 08:45:08.855root 11241100x80000000000000001747440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.855{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cb048163b9a2542022-02-14 08:45:08.855root 11241100x80000000000000001747441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.855{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55ad93f47dd95cc2022-02-14 08:45:08.855root 11241100x80000000000000001747442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.856{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52df57c28286bfbb2022-02-14 08:45:08.856root 11241100x80000000000000001747443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.856{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d896e946eb96837c2022-02-14 08:45:08.856root 11241100x80000000000000001747444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.856{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345b2b9bd967604e2022-02-14 08:45:08.856root 11241100x80000000000000001747445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.856{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f95f0dfbc428c422022-02-14 08:45:08.856root 11241100x80000000000000001747446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.856{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46965f52507d4c12022-02-14 08:45:08.856root 11241100x80000000000000001747447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.856{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f76e7a1e55e47fc2022-02-14 08:45:08.856root 11241100x80000000000000001747448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.857{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4119679fe6b5032022-02-14 08:45:08.857root 11241100x80000000000000001747449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.857{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cca122bfaea6a82022-02-14 08:45:08.857root 11241100x80000000000000001747450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.857{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96bedf93fc74f032022-02-14 08:45:08.857root 11241100x80000000000000001747451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.857{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819166bbab6fe1a62022-02-14 08:45:08.857root 11241100x80000000000000001747452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.857{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153e4a51d7f151712022-02-14 08:45:08.857root 11241100x80000000000000001747453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.857{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50f6536527a9fb42022-02-14 08:45:08.857root 11241100x80000000000000001747454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.857{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1202260084c42642022-02-14 08:45:08.857root 11241100x80000000000000001747455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.858{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e5051428105c8f2022-02-14 08:45:08.858root 11241100x80000000000000001747456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.858{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9662e004d8372142022-02-14 08:45:08.858root 11241100x80000000000000001747457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.858{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0510ac627cdc082022-02-14 08:45:08.858root 11241100x80000000000000001747458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.858{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9600e018eaa47b2022-02-14 08:45:08.858root 11241100x80000000000000001747459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.858{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f71f8bcf709c5172022-02-14 08:45:08.858root 11241100x80000000000000001747460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.858{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d0d5838782c5e72022-02-14 08:45:08.858root 11241100x80000000000000001747461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.859{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e5e6be8725e6372022-02-14 08:45:08.859root 11241100x80000000000000001747462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.859{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61099e4a0c8f30a92022-02-14 08:45:08.859root 11241100x80000000000000001747463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.859{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a337ac0d3d27e12022-02-14 08:45:08.859root 11241100x80000000000000001747464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.859{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3079a474fc24fd2022-02-14 08:45:08.859root 11241100x80000000000000001747465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.859{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b949bbe9e74c9d5d2022-02-14 08:45:08.859root 11241100x80000000000000001747466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.860{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d546444ffe3d7892022-02-14 08:45:08.860root 11241100x80000000000000001747467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.860{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c4e6ae0a92a0422022-02-14 08:45:08.860root 11241100x80000000000000001747468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.860{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ac37fe496a6d492022-02-14 08:45:08.860root 11241100x80000000000000001747469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.860{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cd1b6f8f6d530a2022-02-14 08:45:08.860root 11241100x80000000000000001747470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.861{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a448a1c12f49b1322022-02-14 08:45:08.861root 11241100x80000000000000001747471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.861{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85988c577ff14bb2022-02-14 08:45:08.861root 11241100x80000000000000001747472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.861{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c693cdbd5911d1a2022-02-14 08:45:08.861root 11241100x80000000000000001747473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.862{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d9d914c27bc0452022-02-14 08:45:08.862root 11241100x80000000000000001747474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.862{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb8296ea592b5022022-02-14 08:45:08.862root 11241100x80000000000000001747475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.862{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d646b8195d2636402022-02-14 08:45:08.862root 11241100x80000000000000001747476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.863{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5676efedd8396a712022-02-14 08:45:08.863root 11241100x80000000000000001747477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.863{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0a5a74d58d62e52022-02-14 08:45:08.863root 11241100x80000000000000001747478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.863{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f480ea0bba4018c32022-02-14 08:45:08.863root 11241100x80000000000000001747479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.863{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f120c8449df45bbf2022-02-14 08:45:08.863root 11241100x80000000000000001747480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.863{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48210baf7127f112022-02-14 08:45:08.863root 11241100x80000000000000001747481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.864{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd17d232bb187f62022-02-14 08:45:08.864root 11241100x80000000000000001747482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.864{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b37171dca2ee7b2022-02-14 08:45:08.864root 11241100x80000000000000001747483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.864{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d6bf76445fbbae2022-02-14 08:45:08.864root 11241100x80000000000000001747484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.864{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558cfb6cca9475062022-02-14 08:45:08.864root 11241100x80000000000000001747485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.865{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b22044d395dc602022-02-14 08:45:08.865root 11241100x80000000000000001747486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.865{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52513d138d788f342022-02-14 08:45:08.865root 11241100x80000000000000001747487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.865{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73265a3114fd5ca62022-02-14 08:45:08.865root 11241100x80000000000000001747488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.866{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0506143cb9b8d222022-02-14 08:45:08.866root 11241100x80000000000000001747489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.866{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea67333988c108e2022-02-14 08:45:08.866root 11241100x80000000000000001747490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.866{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c13af52426fadc2022-02-14 08:45:08.866root 11241100x80000000000000001747491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.867{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c425de2d918b432022-02-14 08:45:08.867root 11241100x80000000000000001747492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.867{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f57afa932e7abda2022-02-14 08:45:08.867root 11241100x80000000000000001747493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.867{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7b2a785cce6ff42022-02-14 08:45:08.867root 11241100x80000000000000001747494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.867{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b8845af4fc0b952022-02-14 08:45:08.867root 11241100x80000000000000001747495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.868{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea3e95389e5678d2022-02-14 08:45:08.868root 11241100x80000000000000001747496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.868{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce40f4049fdf4e12022-02-14 08:45:08.868root 11241100x80000000000000001747497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.868{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ca2cde8a1cea952022-02-14 08:45:08.868root 11241100x80000000000000001747498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.868{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54956e5d5d089af92022-02-14 08:45:08.868root 11241100x80000000000000001747499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.869{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9a9015fea888692022-02-14 08:45:08.869root 11241100x80000000000000001747500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.869{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f56e8fd4ec71b662022-02-14 08:45:08.869root 11241100x80000000000000001747501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.869{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6561a4797559c69e2022-02-14 08:45:08.869root 11241100x80000000000000001747502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.869{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55b71328d7a78622022-02-14 08:45:08.869root 11241100x80000000000000001747503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.870{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070bf5eac51022612022-02-14 08:45:08.870root 11241100x80000000000000001747504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.870{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a323a0d98e6cb8dc2022-02-14 08:45:08.870root 11241100x80000000000000001747505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.870{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb4b54c69aaef4c2022-02-14 08:45:08.870root 11241100x80000000000000001747506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.871{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89baa59a22222342022-02-14 08:45:08.871root 11241100x80000000000000001747507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.871{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40456d671ad60bb02022-02-14 08:45:08.871root 11241100x80000000000000001747508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.871{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31851d62b3d40a882022-02-14 08:45:08.871root 11241100x80000000000000001747509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.872{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba1fe95f8150ef82022-02-14 08:45:08.872root 11241100x80000000000000001747510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.872{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aac306a01372ab12022-02-14 08:45:08.872root 11241100x80000000000000001747511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.872{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a521b93b0c51d2c12022-02-14 08:45:08.872root 11241100x80000000000000001747512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.873{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f8fb467134f7b32022-02-14 08:45:08.873root 11241100x80000000000000001747513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.873{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcc7aa875f343ef2022-02-14 08:45:08.873root 11241100x80000000000000001747514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.873{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891fbbad37c78db52022-02-14 08:45:08.873root 11241100x80000000000000001747515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.874{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93b94f070374f652022-02-14 08:45:08.874root 11241100x80000000000000001747516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.874{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27453458fe5f8292022-02-14 08:45:08.874root 11241100x80000000000000001747517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.874{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2f253a45cd1f292022-02-14 08:45:08.874root 11241100x80000000000000001747518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.874{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1f36ac22e2a49a2022-02-14 08:45:08.874root 11241100x80000000000000001747519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.875{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c2e9abc5d2b25f2022-02-14 08:45:08.875root 11241100x80000000000000001747520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.875{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797bb04403889fe12022-02-14 08:45:08.875root 11241100x80000000000000001747521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.875{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14674e83f857bcb12022-02-14 08:45:08.875root 11241100x80000000000000001747522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.875{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8264b78f744120662022-02-14 08:45:08.875root 11241100x80000000000000001747523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.876{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b617332d0027dd2022-02-14 08:45:08.876root 11241100x80000000000000001747524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.876{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a6597ea721263f2022-02-14 08:45:08.876root 11241100x80000000000000001747525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.877{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de6ac19584ffcc12022-02-14 08:45:08.877root 11241100x80000000000000001747526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.877{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e565932529f03ae02022-02-14 08:45:08.877root 11241100x80000000000000001747527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.877{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92e0dadbcb101c12022-02-14 08:45:08.877root 11241100x80000000000000001747528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.878{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697cea18bba65bf62022-02-14 08:45:08.878root 11241100x80000000000000001747529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.878{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6b60482227f8b12022-02-14 08:45:08.878root 11241100x80000000000000001747530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.878{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51606342d37a69db2022-02-14 08:45:08.878root 11241100x80000000000000001747531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.878{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7907bf0438d54c2022-02-14 08:45:08.878root 11241100x80000000000000001747532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.879{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b60f0dc5fe95a02022-02-14 08:45:08.879root 11241100x80000000000000001747533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.879{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d460f89c60a5df2022-02-14 08:45:08.879root 11241100x80000000000000001747534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.879{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d42997dcb9933022022-02-14 08:45:08.879root 11241100x80000000000000001747535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.879{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cee5eaa0e95730c2022-02-14 08:45:08.879root 11241100x80000000000000001747536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.879{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee6299aafb1fccf2022-02-14 08:45:08.879root 11241100x80000000000000001747537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.880{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5fd37d6acd6e772022-02-14 08:45:08.880root 11241100x80000000000000001747538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.880{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15a4b60192fc79b2022-02-14 08:45:08.880root 11241100x80000000000000001747539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.880{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4e0dcc647ff24f2022-02-14 08:45:08.880root 11241100x80000000000000001747540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.881{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5870554d26d1a32022-02-14 08:45:08.881root 11241100x80000000000000001747541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.881{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc62b5e387430d732022-02-14 08:45:08.881root 11241100x80000000000000001747542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.882{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b60e2d82dfb4df62022-02-14 08:45:08.882root 11241100x80000000000000001747543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.882{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a524b631ffbb0de2022-02-14 08:45:08.882root 11241100x80000000000000001747544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.882{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40463e266285ca32022-02-14 08:45:08.882root 11241100x80000000000000001747545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.882{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50604aa2fc4c3e292022-02-14 08:45:08.882root 11241100x80000000000000001747546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.883{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe913bd4bc63c3d2022-02-14 08:45:08.883root 11241100x80000000000000001747547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.883{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786988fcb9f7ac732022-02-14 08:45:08.883root 11241100x80000000000000001747548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.883{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78de9a20f597d34e2022-02-14 08:45:08.883root 11241100x80000000000000001747549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.883{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50633bdd90fab3502022-02-14 08:45:08.883root 11241100x80000000000000001747550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.884{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cec273ccfe018f2022-02-14 08:45:08.884root 11241100x80000000000000001747551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.884{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5856c6fdb2f0fc2022-02-14 08:45:08.884root 11241100x80000000000000001747552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.884{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653aa43021f34bb52022-02-14 08:45:08.884root 11241100x80000000000000001747553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.884{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202f178cf673fa0f2022-02-14 08:45:08.884root 11241100x80000000000000001747554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.885{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6e2c70ed419e042022-02-14 08:45:08.885root 11241100x80000000000000001747555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.885{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff5f1d603be34ae2022-02-14 08:45:08.885root 11241100x80000000000000001747556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.885{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff2370acffc0b262022-02-14 08:45:08.885root 11241100x80000000000000001747557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.885{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddc14ef975a6ced2022-02-14 08:45:08.885root 11241100x80000000000000001747558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.886{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5504ca59e704512022-02-14 08:45:08.886root 11241100x80000000000000001747559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.886{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d3eb70bd096d452022-02-14 08:45:08.886root 11241100x80000000000000001747560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.886{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeeed4ed82b996ac2022-02-14 08:45:08.886root 11241100x80000000000000001747561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.887{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002abc2edc5565262022-02-14 08:45:08.887root 11241100x80000000000000001747562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.887{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bd9e9b4c5613d92022-02-14 08:45:08.887root 11241100x80000000000000001747563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.887{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36933c29f2fe1e8e2022-02-14 08:45:08.887root 11241100x80000000000000001747564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.887{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22a8cb2cbe42e362022-02-14 08:45:08.887root 11241100x80000000000000001747565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.888{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d30b743699c673e2022-02-14 08:45:08.888root 11241100x80000000000000001747566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.888{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f19eeaecf0af75a2022-02-14 08:45:08.888root 11241100x80000000000000001747567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.888{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ef8794373c01882022-02-14 08:45:08.888root 11241100x80000000000000001747568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.888{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e9bc2660a1295f2022-02-14 08:45:08.888root 11241100x80000000000000001747569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.888{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af7e0b0c6d818052022-02-14 08:45:08.888root 11241100x80000000000000001747570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.889{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc5b177385e2d962022-02-14 08:45:08.889root 11241100x80000000000000001747571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.889{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2ca217a74bd0872022-02-14 08:45:08.889root 11241100x80000000000000001747572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.889{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0d73ac74c89bad2022-02-14 08:45:08.889root 11241100x80000000000000001747573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.890{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d25e0b2fff21012022-02-14 08:45:08.890root 11241100x80000000000000001747574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.890{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503d767936a0f7fb2022-02-14 08:45:08.890root 11241100x80000000000000001747575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.890{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efa0ac6b25284872022-02-14 08:45:08.890root 11241100x80000000000000001747576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.890{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe383b425582d4c2022-02-14 08:45:08.890root 11241100x80000000000000001747577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.891{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d26e34fea98c2e2022-02-14 08:45:08.891root 11241100x80000000000000001747578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.891{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e28975ca3ba4afe2022-02-14 08:45:08.891root 11241100x80000000000000001747579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.891{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d716f575a9fbfa72022-02-14 08:45:08.891root 11241100x80000000000000001747580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c30d53a19ad297c2022-02-14 08:45:08.892root 11241100x80000000000000001747581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa116a781d9927e2022-02-14 08:45:08.892root 11241100x80000000000000001747582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26da89ff6a5cf2d52022-02-14 08:45:08.892root 11241100x80000000000000001747583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8f3e8328ca703c2022-02-14 08:45:08.892root 11241100x80000000000000001747584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a387e3e1eb61c8c2022-02-14 08:45:08.892root 11241100x80000000000000001747585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843a3784c1a87db72022-02-14 08:45:08.893root 11241100x80000000000000001747586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f28f625701f18d2022-02-14 08:45:08.893root 11241100x80000000000000001747587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d410cbd9c3ad0e2022-02-14 08:45:08.893root 11241100x80000000000000001747588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722c57d54374b9162022-02-14 08:45:08.893root 11241100x80000000000000001747589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1896c4bb06f55c3a2022-02-14 08:45:08.894root 11241100x80000000000000001747590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c067a7e3d66d26d32022-02-14 08:45:08.894root 11241100x80000000000000001747591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395fb00aa71385732022-02-14 08:45:08.894root 11241100x80000000000000001747592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263a859d578a15f72022-02-14 08:45:08.894root 11241100x80000000000000001747593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bffc88f4ee7acf42022-02-14 08:45:08.894root 11241100x80000000000000001747594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4759ea3ee6e0972f2022-02-14 08:45:08.894root 11241100x80000000000000001747595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a97a8aa5ff0786f2022-02-14 08:45:08.894root 11241100x80000000000000001747596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.895{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea049859d17145542022-02-14 08:45:08.895root 11241100x80000000000000001747597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.895{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785ba838930abe232022-02-14 08:45:08.895root 11241100x80000000000000001747598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.895{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04a7192a54228422022-02-14 08:45:08.895root 11241100x80000000000000001747599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.895{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93e38e5df9b70572022-02-14 08:45:08.895root 11241100x80000000000000001747600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.895{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42282e339a775b792022-02-14 08:45:08.895root 11241100x80000000000000001747601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.895{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6f6c7d5ccd252d2022-02-14 08:45:08.895root 11241100x80000000000000001747602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388990f01ea676f82022-02-14 08:45:08.896root 11241100x80000000000000001747603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319bece2c0d1b84f2022-02-14 08:45:08.896root 11241100x80000000000000001747604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e81b693f8e418c2022-02-14 08:45:08.896root 11241100x80000000000000001747605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560b3d141af851222022-02-14 08:45:08.896root 11241100x80000000000000001747606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.897{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5521cb7f863a37262022-02-14 08:45:08.897root 11241100x80000000000000001747607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.897{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f884daeaa0eeda2022-02-14 08:45:08.897root 11241100x80000000000000001747608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.897{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04836bc1c847b47b2022-02-14 08:45:08.897root 11241100x80000000000000001747609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.897{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d482d4a4c2be8f72022-02-14 08:45:08.897root 11241100x80000000000000001747610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.897{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ae484530aab3412022-02-14 08:45:08.897root 11241100x80000000000000001747611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.898{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743d69cbe1cdc5612022-02-14 08:45:08.898root 11241100x80000000000000001747612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:08.898{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0219cc7b1ffd6482022-02-14 08:45:08.898root 11241100x80000000000000001747613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.614{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdaf4f60e1ac5502022-02-14 08:45:09.614root 11241100x80000000000000001747614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.614{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004b96c43416f54e2022-02-14 08:45:09.614root 11241100x80000000000000001747615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.614{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f2b8d0729cbcca2022-02-14 08:45:09.614root 11241100x80000000000000001747616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.614{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33524c552aee8742022-02-14 08:45:09.614root 11241100x80000000000000001747617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.614{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b227c2837015c72022-02-14 08:45:09.614root 11241100x80000000000000001747618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.615{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e5db37ed9acdd62022-02-14 08:45:09.615root 11241100x80000000000000001747619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.615{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d32dd6bcfc20e02022-02-14 08:45:09.615root 11241100x80000000000000001747620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.615{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ad5f8ad6f610b82022-02-14 08:45:09.615root 11241100x80000000000000001747621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.615{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c228836c021a1f352022-02-14 08:45:09.615root 11241100x80000000000000001747622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.615{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2d52796181ef7a2022-02-14 08:45:09.615root 11241100x80000000000000001747623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.615{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689fca3aefe4e35b2022-02-14 08:45:09.615root 11241100x80000000000000001747624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.615{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b88955b72688772022-02-14 08:45:09.615root 11241100x80000000000000001747625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.615{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553d5bf4f5034ce92022-02-14 08:45:09.615root 11241100x80000000000000001747626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.615{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8cf77c6e0ec5622022-02-14 08:45:09.615root 11241100x80000000000000001747627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.615{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef48b6c9f6ff01e2022-02-14 08:45:09.615root 11241100x80000000000000001747628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.615{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6601a5f87cde3e2022-02-14 08:45:09.615root 11241100x80000000000000001747629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.615{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfe858d4a2e51782022-02-14 08:45:09.615root 11241100x80000000000000001747630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.615{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e613190a07df6d2022-02-14 08:45:09.615root 11241100x80000000000000001747631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.615{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f05f72e8b1de902022-02-14 08:45:09.615root 11241100x80000000000000001747632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.615{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eafcf44bccfd7052022-02-14 08:45:09.615root 11241100x80000000000000001747633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.615{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d52fc5309313ab92022-02-14 08:45:09.615root 11241100x80000000000000001747634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.616{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2b2334da6151f62022-02-14 08:45:09.616root 11241100x80000000000000001747635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.616{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6e426cec392c972022-02-14 08:45:09.616root 11241100x80000000000000001747636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.616{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f620002f5715d52022-02-14 08:45:09.616root 11241100x80000000000000001747637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.616{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdc9727d68591c52022-02-14 08:45:09.616root 11241100x80000000000000001747638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.616{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e628688034408c92022-02-14 08:45:09.616root 11241100x80000000000000001747639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.616{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d045382abc0fb92022-02-14 08:45:09.616root 11241100x80000000000000001747640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.616{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270613d5a9e5588f2022-02-14 08:45:09.616root 11241100x80000000000000001747641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.616{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73807e0ea4eb8a42022-02-14 08:45:09.616root 11241100x80000000000000001747642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.616{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942db7cc71f796fd2022-02-14 08:45:09.616root 11241100x80000000000000001747643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.616{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04025c1e662f5a962022-02-14 08:45:09.616root 11241100x80000000000000001747644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.617{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2e37432a2553a42022-02-14 08:45:09.617root 11241100x80000000000000001747645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.619{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda11045eb4a372e2022-02-14 08:45:09.619root 11241100x80000000000000001747646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.619{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b8a9b2d39f02cc2022-02-14 08:45:09.619root 11241100x80000000000000001747647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.619{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d2c2c62c19ad9a2022-02-14 08:45:09.619root 11241100x80000000000000001747648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.619{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fb88e6b90fd0092022-02-14 08:45:09.619root 11241100x80000000000000001747649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.619{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffac4adfa46ff432022-02-14 08:45:09.619root 11241100x80000000000000001747650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.619{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc54e63f13d85f42022-02-14 08:45:09.619root 11241100x80000000000000001747651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.619{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11f0c25a7eef1a92022-02-14 08:45:09.619root 11241100x80000000000000001747652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.619{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad5046f25e3435d2022-02-14 08:45:09.619root 11241100x80000000000000001747653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.621{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba31362429a20c6d2022-02-14 08:45:09.621root 11241100x80000000000000001747654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.621{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565c0cdeb8343b4b2022-02-14 08:45:09.621root 11241100x80000000000000001747655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.621{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1e3a91ce24411c2022-02-14 08:45:09.621root 11241100x80000000000000001747656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.621{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e3fc40c7766a182022-02-14 08:45:09.621root 11241100x80000000000000001747657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.621{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbcdc8cac742cc22022-02-14 08:45:09.621root 11241100x80000000000000001747658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.621{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3209631a869fe1632022-02-14 08:45:09.621root 11241100x80000000000000001747659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.622{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b4e5a3f83b23b62022-02-14 08:45:09.622root 11241100x80000000000000001747660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.622{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750dc7a9b797ee4e2022-02-14 08:45:09.622root 11241100x80000000000000001747661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.622{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37130d1d21552d632022-02-14 08:45:09.622root 11241100x80000000000000001747662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.622{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9632335cbaa70242022-02-14 08:45:09.622root 11241100x80000000000000001747663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.622{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b094573a3245fb712022-02-14 08:45:09.622root 11241100x80000000000000001747664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.622{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252d9035bb233ede2022-02-14 08:45:09.622root 11241100x80000000000000001747665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.622{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a149008764206c2e2022-02-14 08:45:09.622root 11241100x80000000000000001747666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.622{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadaf0cb1174a5f52022-02-14 08:45:09.622root 11241100x80000000000000001747667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.622{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9108a32faee73fd2022-02-14 08:45:09.622root 11241100x80000000000000001747668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.622{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b61b6d02c45f3b02022-02-14 08:45:09.622root 11241100x80000000000000001747669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.622{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7d956b63bead612022-02-14 08:45:09.622root 11241100x80000000000000001747670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.622{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fffb444723304552022-02-14 08:45:09.622root 11241100x80000000000000001747671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.622{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfee5dc13078ab82022-02-14 08:45:09.622root 11241100x80000000000000001747672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.622{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d48732ab2b918c2022-02-14 08:45:09.622root 11241100x80000000000000001747673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.623{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485a6b9721a3e8392022-02-14 08:45:09.623root 11241100x80000000000000001747674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.623{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec983018219893f2022-02-14 08:45:09.623root 11241100x80000000000000001747675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.623{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41befc6df6163e672022-02-14 08:45:09.623root 11241100x80000000000000001747676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.623{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd2d84099d601892022-02-14 08:45:09.623root 11241100x80000000000000001747677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.623{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79f6f79ebd4410a2022-02-14 08:45:09.623root 11241100x80000000000000001747678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.626{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d7e651e47e09972022-02-14 08:45:09.626root 11241100x80000000000000001747679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.626{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243f3477ffa1945c2022-02-14 08:45:09.626root 11241100x80000000000000001747680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.627{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02204dcfc826494e2022-02-14 08:45:09.627root 11241100x80000000000000001747681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.627{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6515c098a7cf312022-02-14 08:45:09.627root 11241100x80000000000000001747682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.627{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dd70068983257c2022-02-14 08:45:09.627root 11241100x80000000000000001747683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.627{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67068b6f974d4c632022-02-14 08:45:09.627root 11241100x80000000000000001747684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.627{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc998f9bb0714b82022-02-14 08:45:09.627root 11241100x80000000000000001747685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.627{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f281e8c978aee642022-02-14 08:45:09.627root 11241100x80000000000000001747686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.627{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b120d49c4490291b2022-02-14 08:45:09.627root 11241100x80000000000000001747687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.627{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fff7ac16fa3fc02022-02-14 08:45:09.627root 11241100x80000000000000001747688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.627{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d007b71344f52da42022-02-14 08:45:09.627root 11241100x80000000000000001747689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.628{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a29eb982544347e2022-02-14 08:45:09.628root 11241100x80000000000000001747690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.628{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0641b925586ec32022-02-14 08:45:09.628root 11241100x80000000000000001747691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.628{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49614fc65eff05f12022-02-14 08:45:09.628root 11241100x80000000000000001747692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.628{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4506b7af2f5bd102022-02-14 08:45:09.628root 11241100x80000000000000001747693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.628{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdfa1b752a1aa022022-02-14 08:45:09.628root 11241100x80000000000000001747694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.628{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52cfbf541153cae2022-02-14 08:45:09.628root 11241100x80000000000000001747695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.628{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627547e55830d7672022-02-14 08:45:09.628root 11241100x80000000000000001747696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.628{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7b21967298e5c42022-02-14 08:45:09.628root 11241100x80000000000000001747697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.628{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9a548414985e192022-02-14 08:45:09.628root 11241100x80000000000000001747698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.629{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc90feb75c3fb27c2022-02-14 08:45:09.629root 11241100x80000000000000001747699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.629{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa81146ae1f20602022-02-14 08:45:09.629root 11241100x80000000000000001747700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.629{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9688bc95d1b3cc772022-02-14 08:45:09.629root 11241100x80000000000000001747701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.629{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53de926f8ab48cf22022-02-14 08:45:09.629root 11241100x80000000000000001747702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.629{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282ea9a20436f8472022-02-14 08:45:09.629root 11241100x80000000000000001747703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.629{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886ba8e57a7bd8cc2022-02-14 08:45:09.629root 11241100x80000000000000001747704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.629{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667be33e7ad5de6e2022-02-14 08:45:09.629root 11241100x80000000000000001747705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.629{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055e5fbf48e3e1052022-02-14 08:45:09.629root 11241100x80000000000000001747706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.630{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ef59df4fa34ddd2022-02-14 08:45:09.630root 11241100x80000000000000001747707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.630{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c2599e645d8f392022-02-14 08:45:09.630root 11241100x80000000000000001747708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.630{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7936e7e58eca35af2022-02-14 08:45:09.630root 11241100x80000000000000001747709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.634{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2dac966ef65f4ef2022-02-14 08:45:09.634root 11241100x80000000000000001747710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.634{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b8cecb6d7d27762022-02-14 08:45:09.634root 11241100x80000000000000001747711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.634{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9fa1108bd1acde2022-02-14 08:45:09.634root 11241100x80000000000000001747712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.634{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4caff638ae9305f12022-02-14 08:45:09.634root 11241100x80000000000000001747713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.634{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1c61f5747687f32022-02-14 08:45:09.634root 11241100x80000000000000001747714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.634{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ddc9e42290dfec2022-02-14 08:45:09.634root 11241100x80000000000000001747715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.634{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2d9750a32e909f2022-02-14 08:45:09.634root 11241100x80000000000000001747716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.635{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a82e61c54a9c3012022-02-14 08:45:09.635root 11241100x80000000000000001747717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.635{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a751da23730f402022-02-14 08:45:09.635root 11241100x80000000000000001747718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.635{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b05882f127f33b2022-02-14 08:45:09.635root 11241100x80000000000000001747719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.635{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b1dc4bed007a572022-02-14 08:45:09.635root 11241100x80000000000000001747720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.635{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e73f5d31eb845232022-02-14 08:45:09.635root 11241100x80000000000000001747721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.635{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22a6da12cc7ee472022-02-14 08:45:09.635root 11241100x80000000000000001747722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.635{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3ea285a963b5f82022-02-14 08:45:09.635root 11241100x80000000000000001747723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.635{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883efe929f8dadc12022-02-14 08:45:09.635root 11241100x80000000000000001747724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.635{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66333e59c8092f362022-02-14 08:45:09.635root 11241100x80000000000000001747725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.636{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9753585e4b42b0e2022-02-14 08:45:09.636root 11241100x80000000000000001747726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.639{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84861bec8540c692022-02-14 08:45:09.639root 11241100x80000000000000001747727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.639{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67ea7ccd219a1332022-02-14 08:45:09.639root 11241100x80000000000000001747728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.639{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec9749fc624669c2022-02-14 08:45:09.639root 11241100x80000000000000001747729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.639{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365ae81f4f9c6ec82022-02-14 08:45:09.639root 11241100x80000000000000001747730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.639{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9ecce2acf0fda72022-02-14 08:45:09.639root 11241100x80000000000000001747731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.640{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee169fc677840c4e2022-02-14 08:45:09.640root 11241100x80000000000000001747732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.640{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2558c7804558fb342022-02-14 08:45:09.640root 11241100x80000000000000001747733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.640{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf106935637b1e9e2022-02-14 08:45:09.640root 11241100x80000000000000001747734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.640{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e17a22ee5f7b5b2022-02-14 08:45:09.640root 11241100x80000000000000001747735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.640{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f707a301646bdd2022-02-14 08:45:09.640root 11241100x80000000000000001747736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.640{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084cae67316197ca2022-02-14 08:45:09.640root 11241100x80000000000000001747737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.640{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758667633bded3832022-02-14 08:45:09.640root 11241100x80000000000000001747738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.640{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223646caeff5323a2022-02-14 08:45:09.640root 11241100x80000000000000001747739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.641{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370c9b295f97e10d2022-02-14 08:45:09.641root 11241100x80000000000000001747740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.641{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02cf84a1daa5f1c2022-02-14 08:45:09.641root 11241100x80000000000000001747741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.641{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c3775255a0b9132022-02-14 08:45:09.641root 11241100x80000000000000001747742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.641{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6053bafebb1b002022-02-14 08:45:09.641root 11241100x80000000000000001747743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.641{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ff4ff238603dbb2022-02-14 08:45:09.641root 11241100x80000000000000001747744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.641{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c702c4b7c3b179c52022-02-14 08:45:09.641root 11241100x80000000000000001747745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.641{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109372f5a4b6e05c2022-02-14 08:45:09.641root 11241100x80000000000000001747746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.641{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81def5f4a5c4d8a2022-02-14 08:45:09.641root 11241100x80000000000000001747747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.642{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1cab8b4b7acf1a2022-02-14 08:45:09.642root 11241100x80000000000000001747748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.642{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4b0d4ef9b6b93e2022-02-14 08:45:09.642root 11241100x80000000000000001747749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.642{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0283d0666ee8db2022-02-14 08:45:09.642root 11241100x80000000000000001747750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.642{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a724f3170525bc1f2022-02-14 08:45:09.642root 11241100x80000000000000001747751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.642{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0be22090f0cb6aa2022-02-14 08:45:09.642root 11241100x80000000000000001747752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.642{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d402af930b8eca2022-02-14 08:45:09.642root 11241100x80000000000000001747753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.642{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48ea864019717e52022-02-14 08:45:09.642root 11241100x80000000000000001747754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.642{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a18d78305e740c52022-02-14 08:45:09.642root 11241100x80000000000000001747755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.642{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849d6f52ae4bd86f2022-02-14 08:45:09.642root 11241100x80000000000000001747756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.643{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0f2826a7057c6c2022-02-14 08:45:09.643root 11241100x80000000000000001747757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.643{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0fbe2aca5899e62022-02-14 08:45:09.643root 11241100x80000000000000001747758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.643{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d997df5ddf8d7d2022-02-14 08:45:09.643root 11241100x80000000000000001747759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.643{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d74b80dc34a3d92022-02-14 08:45:09.643root 11241100x80000000000000001747760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.643{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbca7b567204246a2022-02-14 08:45:09.643root 11241100x80000000000000001747761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.643{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b78a648330c60232022-02-14 08:45:09.643root 11241100x80000000000000001747762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.643{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe6b2f51c9452312022-02-14 08:45:09.643root 11241100x80000000000000001747763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.643{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fd70675a28f68c2022-02-14 08:45:09.643root 11241100x80000000000000001747764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.643{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3424ef7ffead56f2022-02-14 08:45:09.643root 11241100x80000000000000001747765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.643{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ecb4985569bad82022-02-14 08:45:09.643root 11241100x80000000000000001747766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.643{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5a694a52b4c7a52022-02-14 08:45:09.643root 11241100x80000000000000001747767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.643{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530d090153cb0cb02022-02-14 08:45:09.643root 11241100x80000000000000001747768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.643{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2ee6c52803ab1f2022-02-14 08:45:09.643root 11241100x80000000000000001747769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.643{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a31af69d659fdc2022-02-14 08:45:09.643root 11241100x80000000000000001747770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.644{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5e08cc26de4a942022-02-14 08:45:09.644root 11241100x80000000000000001747771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.644{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff918869eb8177e82022-02-14 08:45:09.644root 11241100x80000000000000001747772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.644{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a4566aea6b4e672022-02-14 08:45:09.644root 11241100x80000000000000001747773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.644{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2797d961f0aa265b2022-02-14 08:45:09.644root 11241100x80000000000000001747774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.644{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ce7300c4c500562022-02-14 08:45:09.644root 11241100x80000000000000001747775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.644{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5c97561d2dfc7b2022-02-14 08:45:09.644root 11241100x80000000000000001747776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.644{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574289d761f20cee2022-02-14 08:45:09.644root 11241100x80000000000000001747777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.644{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c9384bf99b78e32022-02-14 08:45:09.644root 11241100x80000000000000001747778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.644{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fcc8156d3e1ab52022-02-14 08:45:09.644root 11241100x80000000000000001747779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.644{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14ff3a5ad0ffa662022-02-14 08:45:09.644root 11241100x80000000000000001747780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.644{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5116c076983d092b2022-02-14 08:45:09.644root 11241100x80000000000000001747781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.644{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1459f599a6987fd82022-02-14 08:45:09.644root 11241100x80000000000000001747782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.644{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab209dc39f6c66872022-02-14 08:45:09.644root 11241100x80000000000000001747783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.644{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc4f3ba2034605a2022-02-14 08:45:09.644root 11241100x80000000000000001747784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.644{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6241bf0c8ae6727a2022-02-14 08:45:09.644root 11241100x80000000000000001747785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.644{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58fb56ea2ff18012022-02-14 08:45:09.644root 11241100x80000000000000001747786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.645{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca7d6d4d032b6d82022-02-14 08:45:09.645root 11241100x80000000000000001747787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.645{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08881077c3a2d6942022-02-14 08:45:09.645root 11241100x80000000000000001747788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.645{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07383027ed60acee2022-02-14 08:45:09.645root 11241100x80000000000000001747789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.645{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb916e81c9b41f02022-02-14 08:45:09.645root 11241100x80000000000000001747790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.645{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dfc2e25bd053572022-02-14 08:45:09.645root 11241100x80000000000000001747791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.645{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3151a7393beba672022-02-14 08:45:09.645root 11241100x80000000000000001747792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.645{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defe727a56c5b5172022-02-14 08:45:09.645root 11241100x80000000000000001747793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.645{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b657dce0d191c8c82022-02-14 08:45:09.645root 11241100x80000000000000001747794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.645{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a4d909c46c7ab12022-02-14 08:45:09.645root 11241100x80000000000000001747795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.645{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df33f1f0b86f246b2022-02-14 08:45:09.645root 11241100x80000000000000001747796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.645{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f612323330e05d2022-02-14 08:45:09.645root 11241100x80000000000000001747797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.645{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897de3a6b79039802022-02-14 08:45:09.645root 11241100x80000000000000001747798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.645{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718580121ec309df2022-02-14 08:45:09.645root 11241100x80000000000000001747799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.645{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c7dc632b573c552022-02-14 08:45:09.645root 11241100x80000000000000001747800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.645{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab307bc2ca4d01162022-02-14 08:45:09.645root 11241100x80000000000000001747801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.646{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133cdc040099421a2022-02-14 08:45:09.646root 11241100x80000000000000001747802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.646{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc9e5549bc878d62022-02-14 08:45:09.646root 11241100x80000000000000001747803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.646{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae49e2d5275b39b72022-02-14 08:45:09.646root 11241100x80000000000000001747804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.646{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95efc9c667ddbd982022-02-14 08:45:09.646root 11241100x80000000000000001747805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.646{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fb54a76aeeb6872022-02-14 08:45:09.646root 11241100x80000000000000001747806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:09.646{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bda0b2c751f9eac2022-02-14 08:45:09.646root 11241100x80000000000000001747807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.213{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-02-14 08:45:10.213root 354300x80000000000000001747808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.215{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-54994-false10.0.1.12-8089- 11241100x80000000000000001747809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.356{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e22720a71c9f082022-02-14 08:45:10.356root 11241100x80000000000000001747810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.356{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7535578c28f7463f2022-02-14 08:45:10.356root 11241100x80000000000000001747811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.356{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4886bb379ec0036a2022-02-14 08:45:10.356root 11241100x80000000000000001747812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.356{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b1ac1e7c4d07252022-02-14 08:45:10.356root 11241100x80000000000000001747813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.356{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3b0168afdc999c2022-02-14 08:45:10.356root 11241100x80000000000000001747814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.357{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5042251c5190c56d2022-02-14 08:45:10.357root 11241100x80000000000000001747815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.357{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38180964f0a114f2022-02-14 08:45:10.357root 11241100x80000000000000001747816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.357{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6efe51ee98792af2022-02-14 08:45:10.357root 11241100x80000000000000001747817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.357{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c524a98fda35f3f12022-02-14 08:45:10.357root 11241100x80000000000000001747818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.357{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b6af9fb1fc872c2022-02-14 08:45:10.357root 11241100x80000000000000001747819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.357{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcd9a8339e7dbcc2022-02-14 08:45:10.357root 11241100x80000000000000001747820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.357{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6d829a9fd320312022-02-14 08:45:10.357root 11241100x80000000000000001747821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.358{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f21e98c248a28062022-02-14 08:45:10.358root 11241100x80000000000000001747822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.358{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c8ad0cb4ca09a62022-02-14 08:45:10.358root 11241100x80000000000000001747823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.358{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8bc39675edcfef2022-02-14 08:45:10.358root 11241100x80000000000000001747824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.358{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1d28666a8781c82022-02-14 08:45:10.358root 11241100x80000000000000001747825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.358{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f659ab08b84e3dc12022-02-14 08:45:10.358root 11241100x80000000000000001747826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.358{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63a202a16fa6a7d2022-02-14 08:45:10.358root 11241100x80000000000000001747827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.358{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3308de53ea740f2022-02-14 08:45:10.358root 11241100x80000000000000001747828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.358{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b1d0d4c1c4614b2022-02-14 08:45:10.358root 11241100x80000000000000001747829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.358{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4819fb8a235aafd2022-02-14 08:45:10.358root 11241100x80000000000000001747830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.359{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f014848103a1eb1e2022-02-14 08:45:10.359root 11241100x80000000000000001747831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.359{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf66d3a90c47e1c2022-02-14 08:45:10.359root 11241100x80000000000000001747832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.359{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ad719b7caccd632022-02-14 08:45:10.359root 11241100x80000000000000001747833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.359{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865f7e6d2c9f6f2b2022-02-14 08:45:10.359root 11241100x80000000000000001747834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.359{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0650585cec7e36fa2022-02-14 08:45:10.359root 11241100x80000000000000001747835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.359{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ff113a9657ebc32022-02-14 08:45:10.359root 11241100x80000000000000001747836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.359{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36f59e63bd17cc62022-02-14 08:45:10.359root 11241100x80000000000000001747837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.359{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb25c933de75e8ad2022-02-14 08:45:10.359root 11241100x80000000000000001747838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.359{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962f24b6adab31942022-02-14 08:45:10.359root 11241100x80000000000000001747839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.359{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962d2463906b02862022-02-14 08:45:10.359root 11241100x80000000000000001747840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.360{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4606b7772559d35c2022-02-14 08:45:10.360root 11241100x80000000000000001747841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.360{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07dea6540fcbd56c2022-02-14 08:45:10.360root 11241100x80000000000000001747842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.360{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f766883940652c92022-02-14 08:45:10.360root 11241100x80000000000000001747843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.360{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87333f36aea44f4e2022-02-14 08:45:10.360root 11241100x80000000000000001747844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.360{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb608b5d99cdf9a92022-02-14 08:45:10.360root 11241100x80000000000000001747845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.360{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af9d2c57c2a664b2022-02-14 08:45:10.360root 11241100x80000000000000001747846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.360{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095c96afebd0db652022-02-14 08:45:10.360root 11241100x80000000000000001747847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.360{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5053d5df8aff4dcc2022-02-14 08:45:10.360root 11241100x80000000000000001747848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.360{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a1bbb082ba50cb2022-02-14 08:45:10.360root 11241100x80000000000000001747849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.360{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7caa08db93fbd762022-02-14 08:45:10.360root 11241100x80000000000000001747850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.361{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8182f3fb6130312022-02-14 08:45:10.361root 11241100x80000000000000001747851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.361{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6646389cbd1c22f92022-02-14 08:45:10.361root 11241100x80000000000000001747852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.361{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2060cdab046e4bd12022-02-14 08:45:10.361root 11241100x80000000000000001747853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.361{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ed76e1ffe4da2f2022-02-14 08:45:10.361root 11241100x80000000000000001747854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.361{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07430cea66ab5b442022-02-14 08:45:10.361root 11241100x80000000000000001747855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.361{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279caca591a11bf42022-02-14 08:45:10.361root 11241100x80000000000000001747856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.361{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd932896f27751902022-02-14 08:45:10.361root 11241100x80000000000000001747857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.361{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc31c563089970a2022-02-14 08:45:10.361root 11241100x80000000000000001747858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.361{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9c16375295ce502022-02-14 08:45:10.361root 11241100x80000000000000001747859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.361{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d166b0c9fc9eb7642022-02-14 08:45:10.361root 11241100x80000000000000001747860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.362{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75681a0803c7fb8d2022-02-14 08:45:10.362root 11241100x80000000000000001747861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.362{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7b4ea711e9de432022-02-14 08:45:10.362root 11241100x80000000000000001747862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.362{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebec3a9e8481164a2022-02-14 08:45:10.362root 11241100x80000000000000001747863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.362{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5684def47102412022-02-14 08:45:10.362root 11241100x80000000000000001747864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.369{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6fc12fd7a126ab2022-02-14 08:45:10.369root 11241100x80000000000000001747865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.369{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226577893d16e0142022-02-14 08:45:10.369root 11241100x80000000000000001747866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.369{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb574e360b379b6f2022-02-14 08:45:10.369root 11241100x80000000000000001747867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.369{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cc737e481202d22022-02-14 08:45:10.369root 11241100x80000000000000001747868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.369{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398078b3f099468b2022-02-14 08:45:10.369root 11241100x80000000000000001747869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.369{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b87d6893f8d99962022-02-14 08:45:10.369root 11241100x80000000000000001747870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.369{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3516ad82dbd9b12f2022-02-14 08:45:10.369root 11241100x80000000000000001747871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.369{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8287fc90c81d1d2022-02-14 08:45:10.369root 11241100x80000000000000001747872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.369{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f641e236239d81522022-02-14 08:45:10.369root 11241100x80000000000000001747873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.370{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50de32713be9fbdd2022-02-14 08:45:10.370root 11241100x80000000000000001747874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.370{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f92c1be1453670b2022-02-14 08:45:10.370root 11241100x80000000000000001747875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.370{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6c38ec76dd593c2022-02-14 08:45:10.370root 11241100x80000000000000001747876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.370{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf38c2379f1045b2022-02-14 08:45:10.370root 11241100x80000000000000001747877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.370{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847b70a5fd02a81c2022-02-14 08:45:10.370root 11241100x80000000000000001747878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.370{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a486c29bd7d6102022-02-14 08:45:10.370root 11241100x80000000000000001747879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.370{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6b053528c9afc72022-02-14 08:45:10.370root 11241100x80000000000000001747880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.370{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e156511ae5352d42022-02-14 08:45:10.370root 11241100x80000000000000001747881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.370{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bba9e69d31bd4b92022-02-14 08:45:10.370root 11241100x80000000000000001747882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.371{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8ab83bee1bbed72022-02-14 08:45:10.371root 11241100x80000000000000001747883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.371{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51723e134ca00b852022-02-14 08:45:10.371root 11241100x80000000000000001747884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.371{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54ccbb810ce312f2022-02-14 08:45:10.371root 11241100x80000000000000001747885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.371{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ed47c276d21a112022-02-14 08:45:10.371root 11241100x80000000000000001747886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.371{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3969ff20750e818a2022-02-14 08:45:10.371root 11241100x80000000000000001747887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.371{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7119e43fb37929db2022-02-14 08:45:10.371root 11241100x80000000000000001747888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.371{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd5648e7b5b88012022-02-14 08:45:10.371root 11241100x80000000000000001747889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.371{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1ca8265d5bf0862022-02-14 08:45:10.371root 11241100x80000000000000001747890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.371{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494f8b2383f30c7b2022-02-14 08:45:10.371root 11241100x80000000000000001747891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.372{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209b86e3933af6a22022-02-14 08:45:10.372root 11241100x80000000000000001747892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.372{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc5649ae0ef3afd2022-02-14 08:45:10.372root 11241100x80000000000000001747893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.372{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaec0ff993a5dba72022-02-14 08:45:10.372root 11241100x80000000000000001747894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.372{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16fa526c3fad6222022-02-14 08:45:10.372root 11241100x80000000000000001747895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.372{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa2a4c90c6b6ed02022-02-14 08:45:10.372root 11241100x80000000000000001747896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.372{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3bc8629b9d68a52022-02-14 08:45:10.372root 11241100x80000000000000001747897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.372{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ad3acc3763f51e2022-02-14 08:45:10.372root 11241100x80000000000000001747898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.372{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70e7394febb5a8b2022-02-14 08:45:10.372root 11241100x80000000000000001747899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.372{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6c421841f988042022-02-14 08:45:10.372root 11241100x80000000000000001747900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.372{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41a06b6b6cd91932022-02-14 08:45:10.372root 11241100x80000000000000001747901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.373{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ec553098f0c5ae2022-02-14 08:45:10.373root 11241100x80000000000000001747902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.373{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67692ce66ff85a92022-02-14 08:45:10.373root 11241100x80000000000000001747903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.373{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7531702497e5fc2022-02-14 08:45:10.373root 11241100x80000000000000001747904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.373{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1579e5820a0f49fc2022-02-14 08:45:10.373root 11241100x80000000000000001747905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.373{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70299922b4277ed2022-02-14 08:45:10.373root 11241100x80000000000000001747906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.373{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69ca14bf572df442022-02-14 08:45:10.373root 11241100x80000000000000001747907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.373{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf8a66d49bbb04c2022-02-14 08:45:10.373root 11241100x80000000000000001747908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.373{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1583a5d25dde5a2022-02-14 08:45:10.373root 11241100x80000000000000001747909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.373{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d996ab7234ebeb2022-02-14 08:45:10.373root 11241100x80000000000000001747910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.373{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067422ca451973d62022-02-14 08:45:10.373root 11241100x80000000000000001747911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.374{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2320bc0796813502022-02-14 08:45:10.374root 11241100x80000000000000001747912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.374{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43448db344f7ede2022-02-14 08:45:10.374root 11241100x80000000000000001747913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.374{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47417972d8bbeea32022-02-14 08:45:10.374root 11241100x80000000000000001747914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.374{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596aee43249847452022-02-14 08:45:10.374root 11241100x80000000000000001747915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.374{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1277843365d73d2022-02-14 08:45:10.374root 11241100x80000000000000001747916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.374{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0cabbe312babe82022-02-14 08:45:10.374root 11241100x80000000000000001747917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.374{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac19b95ffa18f062022-02-14 08:45:10.374root 11241100x80000000000000001747918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.374{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4bd9221f5cc1792022-02-14 08:45:10.374root 11241100x80000000000000001747919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.374{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f32b7c67fda63a2022-02-14 08:45:10.374root 11241100x80000000000000001747920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.374{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bb737185f5fc242022-02-14 08:45:10.374root 11241100x80000000000000001747921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.375{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c0573cd12975a32022-02-14 08:45:10.375root 11241100x80000000000000001747922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.375{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a2bd575196177a2022-02-14 08:45:10.375root 11241100x80000000000000001747923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.375{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9a44cdc0781c402022-02-14 08:45:10.375root 11241100x80000000000000001747924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.375{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dae5b81c44aaba42022-02-14 08:45:10.375root 11241100x80000000000000001747925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.375{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942ff065b6d25fbe2022-02-14 08:45:10.375root 11241100x80000000000000001747926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.375{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895afb5caba2983b2022-02-14 08:45:10.375root 11241100x80000000000000001747927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.375{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc8a654c902780b2022-02-14 08:45:10.375root 11241100x80000000000000001747928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.375{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2e77497d0158ba2022-02-14 08:45:10.375root 11241100x80000000000000001747929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.375{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14720d5a0fba2d9d2022-02-14 08:45:10.375root 11241100x80000000000000001747930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.375{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe5ecd4f15560282022-02-14 08:45:10.375root 11241100x80000000000000001747931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.375{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607dce8fc91343c22022-02-14 08:45:10.375root 11241100x80000000000000001747932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.375{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d057b15626e5b3b82022-02-14 08:45:10.375root 11241100x80000000000000001747933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.375{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bfa355c56da3ca2022-02-14 08:45:10.375root 11241100x80000000000000001747934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.375{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a25b5909cb47e52022-02-14 08:45:10.375root 11241100x80000000000000001747935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.375{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c193f840107e482022-02-14 08:45:10.375root 11241100x80000000000000001747936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.376{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85133f58d4469b572022-02-14 08:45:10.376root 11241100x80000000000000001747937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.376{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf05214dd3144df2022-02-14 08:45:10.376root 11241100x80000000000000001747938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.376{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f03a030bcfbbbe72022-02-14 08:45:10.376root 11241100x80000000000000001747939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.376{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2593da0093b4d78a2022-02-14 08:45:10.376root 11241100x80000000000000001747940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.376{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4744b60e94b1b9a72022-02-14 08:45:10.376root 11241100x80000000000000001747941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.376{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d72b7f6e598b8962022-02-14 08:45:10.376root 11241100x80000000000000001747942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.376{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1282eb3d7289be842022-02-14 08:45:10.376root 11241100x80000000000000001747943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.376{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a172462e8e245a2022-02-14 08:45:10.376root 11241100x80000000000000001747944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.376{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f57f806b7b9bfb92022-02-14 08:45:10.376root 11241100x80000000000000001747945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.376{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5557a70614ec413f2022-02-14 08:45:10.376root 11241100x80000000000000001747946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.376{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6751265ebbbceb2022-02-14 08:45:10.376root 11241100x80000000000000001747947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.376{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a8de41a23dd9f12022-02-14 08:45:10.376root 11241100x80000000000000001747948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.376{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168ab0943375aaec2022-02-14 08:45:10.376root 11241100x80000000000000001747949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.377{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1379a1e94ef532a12022-02-14 08:45:10.377root 11241100x80000000000000001747950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.377{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f3ca2fdd8f87672022-02-14 08:45:10.377root 11241100x80000000000000001747951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.377{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600b2b7ab1a4d4cc2022-02-14 08:45:10.377root 11241100x80000000000000001747952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.377{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2338cdea3d8d666f2022-02-14 08:45:10.377root 11241100x80000000000000001747953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.377{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40729a05136c01652022-02-14 08:45:10.377root 11241100x80000000000000001747954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.377{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0645738e38a9abc2022-02-14 08:45:10.377root 11241100x80000000000000001747955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.377{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fa29aefcb2f9f32022-02-14 08:45:10.377root 11241100x80000000000000001747956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.377{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b9f5641ca6aba72022-02-14 08:45:10.377root 11241100x80000000000000001747957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.377{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b406d80cb69cb0212022-02-14 08:45:10.377root 11241100x80000000000000001747958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.377{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f3c2efb65790292022-02-14 08:45:10.377root 11241100x80000000000000001747959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.378{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9114d3779e4506762022-02-14 08:45:10.378root 11241100x80000000000000001747960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.378{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffc1845fea23db02022-02-14 08:45:10.378root 11241100x80000000000000001747961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.378{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382f647622a77cc22022-02-14 08:45:10.378root 11241100x80000000000000001747962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.378{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167045b9b4998ab42022-02-14 08:45:10.378root 11241100x80000000000000001747963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.378{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b485193f75f290b72022-02-14 08:45:10.378root 11241100x80000000000000001747964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.378{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65b4640c1c8dd8d2022-02-14 08:45:10.378root 11241100x80000000000000001747965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.378{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cea5752764f5d792022-02-14 08:45:10.378root 11241100x80000000000000001747966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.378{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e366bd9d186e7c32022-02-14 08:45:10.378root 11241100x80000000000000001747967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.378{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade94235c057146d2022-02-14 08:45:10.378root 11241100x80000000000000001747968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.378{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6802afa5c6e95542022-02-14 08:45:10.378root 11241100x80000000000000001747969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.378{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ad66d84972a81d2022-02-14 08:45:10.378root 11241100x80000000000000001747970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.378{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b919f5d7a0b381f72022-02-14 08:45:10.378root 11241100x80000000000000001747971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.378{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ebc72dd39a5cbe2022-02-14 08:45:10.378root 11241100x80000000000000001747972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.379{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8248d15c920b08802022-02-14 08:45:10.379root 11241100x80000000000000001747973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.379{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ca70ea8da1d74c2022-02-14 08:45:10.379root 11241100x80000000000000001747974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.379{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f5afe9601592082022-02-14 08:45:10.379root 11241100x80000000000000001747975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.379{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443e19243e2b590f2022-02-14 08:45:10.379root 11241100x80000000000000001747976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.379{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e5c8e3654219ce2022-02-14 08:45:10.379root 11241100x80000000000000001747977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.379{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a74df97236eab4e2022-02-14 08:45:10.379root 11241100x80000000000000001747978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.379{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfc5601eb9e92602022-02-14 08:45:10.379root 11241100x80000000000000001747979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.380{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee4b56a2084cd812022-02-14 08:45:10.380root 11241100x80000000000000001747980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.380{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072220960251e71d2022-02-14 08:45:10.380root 11241100x80000000000000001747981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.380{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aae81c80fe2c5532022-02-14 08:45:10.380root 11241100x80000000000000001747982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.380{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be88c9b47fda5d0b2022-02-14 08:45:10.380root 11241100x80000000000000001747983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.380{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a62b7cb2c6ebd42022-02-14 08:45:10.380root 11241100x80000000000000001747984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.380{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354bc8496fefd9562022-02-14 08:45:10.380root 11241100x80000000000000001747985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.380{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6bd78f69a4b14f2022-02-14 08:45:10.380root 11241100x80000000000000001747986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.380{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9385e618894f5142022-02-14 08:45:10.380root 11241100x80000000000000001747987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.380{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150ead6c090cf0d82022-02-14 08:45:10.380root 11241100x80000000000000001747988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.380{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bac088dccace5942022-02-14 08:45:10.380root 11241100x80000000000000001747989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.380{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101f33d7d17fab212022-02-14 08:45:10.380root 11241100x80000000000000001747990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.380{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a79cbc14908ae02022-02-14 08:45:10.380root 11241100x80000000000000001747991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.380{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9bb81af22721322022-02-14 08:45:10.380root 11241100x80000000000000001747992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.381{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1145db1f864ead2022-02-14 08:45:10.381root 11241100x80000000000000001747993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.381{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a04edbba84f32e92022-02-14 08:45:10.381root 11241100x80000000000000001747994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.381{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51cc895cb0d441382022-02-14 08:45:10.381root 11241100x80000000000000001747995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:10.381{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2b83fcc2ae2eb82022-02-14 08:45:10.381root 11241100x80000000000000001747996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3d8fe71ac05d282022-02-14 08:45:11.107root 11241100x80000000000000001747997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8ede45efed604b2022-02-14 08:45:11.108root 11241100x80000000000000001747998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aef685b33320b342022-02-14 08:45:11.108root 11241100x80000000000000001747999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba05874f1994cf1b2022-02-14 08:45:11.108root 11241100x80000000000000001748000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc213a264b5e8c52022-02-14 08:45:11.108root 11241100x80000000000000001748001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a25364f538fdec2022-02-14 08:45:11.108root 11241100x80000000000000001748002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e80f8ca5af00b82022-02-14 08:45:11.108root 11241100x80000000000000001748003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01b8e8593f149bf2022-02-14 08:45:11.108root 11241100x80000000000000001748004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5ce30d32f873322022-02-14 08:45:11.108root 11241100x80000000000000001748005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f663e5bb18cb2f012022-02-14 08:45:11.109root 11241100x80000000000000001748006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6492b74eb23bee632022-02-14 08:45:11.109root 11241100x80000000000000001748007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b9e4ed13199aea2022-02-14 08:45:11.109root 11241100x80000000000000001748008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662729371587320e2022-02-14 08:45:11.109root 11241100x80000000000000001748009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873b116f7b60e3fb2022-02-14 08:45:11.109root 11241100x80000000000000001748010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb36d2e55c7f8cbf2022-02-14 08:45:11.109root 11241100x80000000000000001748011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86add6f6f26df89f2022-02-14 08:45:11.109root 11241100x80000000000000001748012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd7beeab22db9772022-02-14 08:45:11.109root 11241100x80000000000000001748013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2c7c21ab7224c32022-02-14 08:45:11.110root 11241100x80000000000000001748014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3264d644bf2acfaf2022-02-14 08:45:11.110root 11241100x80000000000000001748015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f8795ad1339ef02022-02-14 08:45:11.110root 11241100x80000000000000001748016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da86db9266828632022-02-14 08:45:11.110root 11241100x80000000000000001748017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853e5d74444e5e6d2022-02-14 08:45:11.110root 11241100x80000000000000001748018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8992d551d365e1e12022-02-14 08:45:11.110root 11241100x80000000000000001748019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0090a0d00092cff62022-02-14 08:45:11.110root 11241100x80000000000000001748020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dc17b006d1d6872022-02-14 08:45:11.111root 11241100x80000000000000001748021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ef673156e12cb82022-02-14 08:45:11.111root 11241100x80000000000000001748022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ca92bd299277452022-02-14 08:45:11.112root 11241100x80000000000000001748023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e377ce6e32334e9b2022-02-14 08:45:11.112root 11241100x80000000000000001748024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edd550a3bf237192022-02-14 08:45:11.112root 11241100x80000000000000001748025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8024147222a6e2272022-02-14 08:45:11.112root 11241100x80000000000000001748026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2be75afd3cde84d2022-02-14 08:45:11.112root 11241100x80000000000000001748027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34c5e5e1001bddd2022-02-14 08:45:11.113root 11241100x80000000000000001748028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fb7d107a172d432022-02-14 08:45:11.113root 11241100x80000000000000001748029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33befe4df3953e692022-02-14 08:45:11.113root 11241100x80000000000000001748030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0295f0c119f2b5992022-02-14 08:45:11.113root 11241100x80000000000000001748031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0240a1ff31e3802022-02-14 08:45:11.113root 11241100x80000000000000001748032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b6ca547dc911e42022-02-14 08:45:11.113root 11241100x80000000000000001748033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f968a99218d46582022-02-14 08:45:11.113root 11241100x80000000000000001748034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acadae70f028f962022-02-14 08:45:11.114root 11241100x80000000000000001748035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e281000d86677832022-02-14 08:45:11.114root 11241100x80000000000000001748036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c6d08fa04b87562022-02-14 08:45:11.114root 11241100x80000000000000001748037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c660a64b66f6f02022-02-14 08:45:11.114root 11241100x80000000000000001748038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2880f1c5d2c8812022-02-14 08:45:11.114root 11241100x80000000000000001748039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.115{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee38c76ef7440d992022-02-14 08:45:11.115root 11241100x80000000000000001748040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.116{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96e2c558900edc62022-02-14 08:45:11.116root 11241100x80000000000000001748041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.116{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caea7c1f7c64fbbb2022-02-14 08:45:11.116root 11241100x80000000000000001748042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.116{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420448188d6a78472022-02-14 08:45:11.116root 11241100x80000000000000001748043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.117{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ab276ddbfd8b7a2022-02-14 08:45:11.117root 11241100x80000000000000001748044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.117{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059f9aa6820db1ea2022-02-14 08:45:11.117root 11241100x80000000000000001748045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.117{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068d052e9950e5a32022-02-14 08:45:11.117root 11241100x80000000000000001748046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.117{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2addbf4ced1919d2022-02-14 08:45:11.117root 11241100x80000000000000001748047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.118{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77636fcf5d0137922022-02-14 08:45:11.118root 11241100x80000000000000001748048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.119{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0ae26cfaa52d1a2022-02-14 08:45:11.119root 11241100x80000000000000001748049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.119{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837b10d04f6dbb822022-02-14 08:45:11.119root 11241100x80000000000000001748050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.119{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb41a0248c5a07b22022-02-14 08:45:11.119root 11241100x80000000000000001748051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.119{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff46804a00b5750a2022-02-14 08:45:11.119root 11241100x80000000000000001748052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.120{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240fdbb724a65c242022-02-14 08:45:11.120root 11241100x80000000000000001748053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.120{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25a1d55ec2cba732022-02-14 08:45:11.120root 11241100x80000000000000001748054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.120{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d10076d8e71f3942022-02-14 08:45:11.120root 11241100x80000000000000001748055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.120{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e515f071661e0b12022-02-14 08:45:11.120root 11241100x80000000000000001748056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.121{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05694d6ee1540c8e2022-02-14 08:45:11.121root 11241100x80000000000000001748057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.121{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8c965c88ed78ff2022-02-14 08:45:11.121root 11241100x80000000000000001748058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.121{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a582995932e289552022-02-14 08:45:11.121root 11241100x80000000000000001748059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.121{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6760c127330bafc22022-02-14 08:45:11.121root 11241100x80000000000000001748060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.121{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0943ecdd8bb26b5d2022-02-14 08:45:11.121root 11241100x80000000000000001748061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.122{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbb5822e622bed02022-02-14 08:45:11.122root 11241100x80000000000000001748062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.122{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66aa288bd38a5f52022-02-14 08:45:11.122root 11241100x80000000000000001748063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027bec0a10092c392022-02-14 08:45:11.123root 11241100x80000000000000001748064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fb321c36be00c22022-02-14 08:45:11.123root 11241100x80000000000000001748065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f02e750ad98ddf2022-02-14 08:45:11.123root 11241100x80000000000000001748066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1bbed7facae1be2022-02-14 08:45:11.123root 11241100x80000000000000001748067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a004eb22318f222022-02-14 08:45:11.123root 11241100x80000000000000001748068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dd411d3ce1cef62022-02-14 08:45:11.123root 11241100x80000000000000001748069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d98c4b1bc5fba922022-02-14 08:45:11.123root 11241100x80000000000000001748070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e56617bb3296422022-02-14 08:45:11.123root 11241100x80000000000000001748071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621b201e5c17e8602022-02-14 08:45:11.123root 11241100x80000000000000001748072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c14ace178cfeef2022-02-14 08:45:11.123root 11241100x80000000000000001748073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c8e68bf2df0dc92022-02-14 08:45:11.123root 11241100x80000000000000001748074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6a845910e4b5082022-02-14 08:45:11.123root 11241100x80000000000000001748075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.123{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047a15cc24a4348e2022-02-14 08:45:11.123root 11241100x80000000000000001748076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0dbc8cbd91db112022-02-14 08:45:11.124root 11241100x80000000000000001748077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932b6a9f2982d6312022-02-14 08:45:11.124root 11241100x80000000000000001748078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f920e1459d2a8ced2022-02-14 08:45:11.124root 11241100x80000000000000001748079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03919ed0c915c992022-02-14 08:45:11.124root 11241100x80000000000000001748080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652e3f7538f3bfd22022-02-14 08:45:11.124root 11241100x80000000000000001748081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4acf2055768b4722022-02-14 08:45:11.124root 11241100x80000000000000001748082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cce06b11062ca12022-02-14 08:45:11.124root 11241100x80000000000000001748083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400425324eaf27ea2022-02-14 08:45:11.124root 11241100x80000000000000001748084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f490596ad08d3b722022-02-14 08:45:11.124root 11241100x80000000000000001748085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c16f4f20485cfb52022-02-14 08:45:11.124root 11241100x80000000000000001748086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.125{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0ff4338986d66c2022-02-14 08:45:11.125root 11241100x80000000000000001748087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.125{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bafb1039e0414072022-02-14 08:45:11.125root 11241100x80000000000000001748088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.125{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4a04ea8fb8c8c62022-02-14 08:45:11.125root 11241100x80000000000000001748089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.125{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e64dd25cbf4dc12022-02-14 08:45:11.125root 11241100x80000000000000001748090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433bbdd6b2b6cd4c2022-02-14 08:45:11.126root 11241100x80000000000000001748091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da6bba0cfec960f2022-02-14 08:45:11.126root 11241100x80000000000000001748092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d85ab85956f8c982022-02-14 08:45:11.126root 11241100x80000000000000001748093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb23e45a8ddd1d112022-02-14 08:45:11.126root 11241100x80000000000000001748094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9720bdb8dd5249782022-02-14 08:45:11.126root 11241100x80000000000000001748095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68c6609346f14b22022-02-14 08:45:11.126root 11241100x80000000000000001748096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8264e4d33a169e2022-02-14 08:45:11.126root 11241100x80000000000000001748097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e9322cf81028602022-02-14 08:45:11.126root 11241100x80000000000000001748098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d10f60854767d32022-02-14 08:45:11.126root 11241100x80000000000000001748099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b3694f79fb430d2022-02-14 08:45:11.126root 11241100x80000000000000001748100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece5dc439b0123ce2022-02-14 08:45:11.126root 11241100x80000000000000001748101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd25ed80684412a2022-02-14 08:45:11.126root 11241100x80000000000000001748102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4acddaf033b0f682022-02-14 08:45:11.126root 11241100x80000000000000001748103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04e65ec5c7954ed2022-02-14 08:45:11.126root 11241100x80000000000000001748104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e8e6dbe871d5da2022-02-14 08:45:11.126root 11241100x80000000000000001748105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d31506de8bb02d2022-02-14 08:45:11.126root 11241100x80000000000000001748106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920e48742a0218272022-02-14 08:45:11.127root 11241100x80000000000000001748107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fcdbf840a2f11a2022-02-14 08:45:11.127root 11241100x80000000000000001748108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990e0dd80f4b50ef2022-02-14 08:45:11.127root 11241100x80000000000000001748109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bf3aa86323acad2022-02-14 08:45:11.127root 11241100x80000000000000001748110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77837fc0bf48f4fc2022-02-14 08:45:11.127root 11241100x80000000000000001748111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3874ac62ed5a8cf2022-02-14 08:45:11.127root 11241100x80000000000000001748112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54033f83b432559e2022-02-14 08:45:11.127root 11241100x80000000000000001748113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32c19966a26d5d72022-02-14 08:45:11.127root 11241100x80000000000000001748114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f29b7846276803e2022-02-14 08:45:11.127root 11241100x80000000000000001748115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddacb36317e645852022-02-14 08:45:11.127root 11241100x80000000000000001748116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d28bc57063e95842022-02-14 08:45:11.127root 11241100x80000000000000001748117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d373dc757b54c7f42022-02-14 08:45:11.127root 11241100x80000000000000001748118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.127{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30743f61d3b69f92022-02-14 08:45:11.127root 11241100x80000000000000001748119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e547f23f2ec0e14d2022-02-14 08:45:11.128root 11241100x80000000000000001748120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8400e18c3281206e2022-02-14 08:45:11.128root 11241100x80000000000000001748121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a563a1911ae06052022-02-14 08:45:11.128root 11241100x80000000000000001748122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8db03ccc9e07e22022-02-14 08:45:11.128root 11241100x80000000000000001748123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06650ff436daeb02022-02-14 08:45:11.128root 11241100x80000000000000001748124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792b7e11a73925772022-02-14 08:45:11.128root 11241100x80000000000000001748125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b40a9d64e9277d2022-02-14 08:45:11.128root 11241100x80000000000000001748126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb56b84ea76779952022-02-14 08:45:11.128root 11241100x80000000000000001748127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e175a32edc9917652022-02-14 08:45:11.128root 11241100x80000000000000001748128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6967141991580b2022-02-14 08:45:11.128root 11241100x80000000000000001748129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd76a7032c9e1642022-02-14 08:45:11.128root 11241100x80000000000000001748130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e087dd699778e7a2022-02-14 08:45:11.128root 11241100x80000000000000001748131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c08c56d8df1d1572022-02-14 08:45:11.128root 11241100x80000000000000001748132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.130{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818a4e8fe8a489632022-02-14 08:45:11.130root 11241100x80000000000000001748133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.130{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4ed916c82da3552022-02-14 08:45:11.130root 11241100x80000000000000001748134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05548526bba00d4a2022-02-14 08:45:11.131root 11241100x80000000000000001748135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b174d011aa17ae852022-02-14 08:45:11.131root 11241100x80000000000000001748136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9783414840c5890d2022-02-14 08:45:11.131root 11241100x80000000000000001748137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad84f6ba1a6f13e2022-02-14 08:45:11.131root 11241100x80000000000000001748138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235b6bf3bb5a411e2022-02-14 08:45:11.131root 11241100x80000000000000001748139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aaba5859248dcd22022-02-14 08:45:11.131root 11241100x80000000000000001748140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b36dd7cfc21a09a2022-02-14 08:45:11.131root 11241100x80000000000000001748141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e68804c6a9a7b92022-02-14 08:45:11.131root 11241100x80000000000000001748142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ead762605bd1ea72022-02-14 08:45:11.131root 11241100x80000000000000001748143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978763bf8dc153072022-02-14 08:45:11.131root 11241100x80000000000000001748144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7e5645791679042022-02-14 08:45:11.131root 11241100x80000000000000001748145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddaab3defaed18a2022-02-14 08:45:11.131root 11241100x80000000000000001748146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7481bcd69547ee2022-02-14 08:45:11.131root 11241100x80000000000000001748147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ea81fac64648642022-02-14 08:45:11.131root 11241100x80000000000000001748148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a72b8e858b674b32022-02-14 08:45:11.131root 11241100x80000000000000001748149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04656049f21953642022-02-14 08:45:11.131root 11241100x80000000000000001748150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05db15b19b3f52222022-02-14 08:45:11.132root 11241100x80000000000000001748151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9a648027caf99d2022-02-14 08:45:11.132root 11241100x80000000000000001748152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4229c9a5b87d1932022-02-14 08:45:11.132root 11241100x80000000000000001748153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc3f75eae44a6c12022-02-14 08:45:11.132root 11241100x80000000000000001748154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d56923f634e15292022-02-14 08:45:11.132root 11241100x80000000000000001748155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09b6cc934c8e5322022-02-14 08:45:11.132root 11241100x80000000000000001748156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6ca723e09c01ad2022-02-14 08:45:11.132root 11241100x80000000000000001748157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94130a54c81ce8aa2022-02-14 08:45:11.132root 11241100x80000000000000001748158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6f5a51504d912a2022-02-14 08:45:11.132root 11241100x80000000000000001748159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7180f6a6407057bd2022-02-14 08:45:11.132root 11241100x80000000000000001748160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00bd22b9cfc58f72022-02-14 08:45:11.132root 11241100x80000000000000001748161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cf9c962bba87d72022-02-14 08:45:11.132root 11241100x80000000000000001748162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc89a1ac0fc245652022-02-14 08:45:11.132root 11241100x80000000000000001748163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435b64150f6615292022-02-14 08:45:11.132root 11241100x80000000000000001748164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6946c789e19aef3f2022-02-14 08:45:11.132root 11241100x80000000000000001748165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b3497f11d536972022-02-14 08:45:11.132root 11241100x80000000000000001748166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.133{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3bf596d315212b2022-02-14 08:45:11.133root 11241100x80000000000000001748167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.133{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670ad950e068d3b12022-02-14 08:45:11.133root 11241100x80000000000000001748168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.135{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc42af62a810eac02022-02-14 08:45:11.135root 11241100x80000000000000001748169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.135{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215bee3b78bf06632022-02-14 08:45:11.135root 11241100x80000000000000001748170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.135{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520e2727e3036c1c2022-02-14 08:45:11.135root 11241100x80000000000000001748171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.138{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238c51b871fda8362022-02-14 08:45:11.138root 11241100x80000000000000001748172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.138{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee155d1296e7cc22022-02-14 08:45:11.138root 11241100x80000000000000001748173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.138{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493698e492c65c9f2022-02-14 08:45:11.138root 11241100x80000000000000001748174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.139{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7455955d739cf3342022-02-14 08:45:11.139root 11241100x80000000000000001748175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.139{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76ea915b3c793e02022-02-14 08:45:11.139root 11241100x80000000000000001748176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.139{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982db108d99d04e42022-02-14 08:45:11.139root 11241100x80000000000000001748177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.139{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3d43cd5fe47c962022-02-14 08:45:11.139root 11241100x80000000000000001748178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.140{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e8e2c3e25d12a82022-02-14 08:45:11.140root 11241100x80000000000000001748179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.140{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf96b766cb9057e2022-02-14 08:45:11.140root 11241100x80000000000000001748180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.140{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a022f0a49bbc08c2022-02-14 08:45:11.140root 11241100x80000000000000001748181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.140{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf10f7d2ea9897a2022-02-14 08:45:11.140root 11241100x80000000000000001748182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.140{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9b16fa3d582d3b2022-02-14 08:45:11.140root 11241100x80000000000000001748183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.141{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f73e8203de12292022-02-14 08:45:11.141root 11241100x80000000000000001748184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.141{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10926d4a52cc07c22022-02-14 08:45:11.141root 11241100x80000000000000001748185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.141{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc76e2adea0e8b92022-02-14 08:45:11.141root 11241100x80000000000000001748186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.141{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb54dce7be8d8702022-02-14 08:45:11.141root 11241100x80000000000000001748187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.142{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2910f60c834d4b92022-02-14 08:45:11.142root 11241100x80000000000000001748188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.142{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9350514f5220292022-02-14 08:45:11.142root 11241100x80000000000000001748189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.142{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f971d4da4aa52f032022-02-14 08:45:11.142root 11241100x80000000000000001748190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.142{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78debe574ba918e72022-02-14 08:45:11.142root 11241100x80000000000000001748191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.142{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d0981eada636452022-02-14 08:45:11.142root 11241100x80000000000000001748192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.142{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b46759648110c732022-02-14 08:45:11.142root 11241100x80000000000000001748193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.143{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cc8dc8349aa6422022-02-14 08:45:11.143root 11241100x80000000000000001748194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.143{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330a526c7e5c2b6e2022-02-14 08:45:11.143root 11241100x80000000000000001748195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.143{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aca1f81cb2c5a4d2022-02-14 08:45:11.143root 11241100x80000000000000001748196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.851{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6eb6cdc75a1ee62022-02-14 08:45:11.851root 11241100x80000000000000001748197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:11.851{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32afd43f5c4985012022-02-14 08:45:11.851root 354300x80000000000000001748549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:18.137{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51510-false10.0.1.12-8000- 11241100x80000000000000001748550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:18.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d871b3fc3b250b2022-02-14 08:45:18.429root 11241100x80000000000000001748551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:18.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5c41d2b521e0822022-02-14 08:45:18.929root 11241100x80000000000000001748552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:19.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b5d598b99367b32022-02-14 08:45:19.429root 11241100x80000000000000001748553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:19.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2485804ce217ed72022-02-14 08:45:19.929root 11241100x80000000000000001748554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:20.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f074ee576477eb662022-02-14 08:45:20.429root 11241100x80000000000000001748555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:20.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac9de6a0409e2842022-02-14 08:45:20.929root 11241100x80000000000000001748556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:21.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a7c37dc10efdf92022-02-14 08:45:21.429root 11241100x80000000000000001748557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:21.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc13133517cde102022-02-14 08:45:21.929root 11241100x80000000000000001748558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:22.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81669e7a2982fc5a2022-02-14 08:45:22.429root 11241100x80000000000000001748559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:22.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb84531d0eaa7d1b2022-02-14 08:45:22.929root 354300x80000000000000001748560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:23.207{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51512-false10.0.1.12-8000- 11241100x80000000000000001748561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:23.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3338e947d9966cbf2022-02-14 08:45:23.208root 11241100x80000000000000001748562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:23.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9798937af4ddbb2022-02-14 08:45:23.679root 11241100x80000000000000001748563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:23.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f82f5c076a7febe2022-02-14 08:45:23.680root 11241100x80000000000000001748564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:24.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0baefebd8a4ad762022-02-14 08:45:24.179root 11241100x80000000000000001748565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:24.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700c8518abd312232022-02-14 08:45:24.180root 11241100x80000000000000001748566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:24.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6aa7603cd67b98e2022-02-14 08:45:24.679root 11241100x80000000000000001748567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:24.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3601337764204c982022-02-14 08:45:24.680root 11241100x80000000000000001748568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:25.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf2c047cf2eac962022-02-14 08:45:25.179root 11241100x80000000000000001748569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07d61e9cbbf34182022-02-14 08:45:25.180root 11241100x80000000000000001748570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:25.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57ed63758f8001c2022-02-14 08:45:25.679root 11241100x80000000000000001748571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:25.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0158c9e644e474b92022-02-14 08:45:25.680root 11241100x80000000000000001748572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:26.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb518fa5b0266d12022-02-14 08:45:26.179root 11241100x80000000000000001748573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067afcc8866e715c2022-02-14 08:45:26.180root 11241100x80000000000000001748574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:26.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0b32ac49a6a3432022-02-14 08:45:26.679root 11241100x80000000000000001748575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:26.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6032a57defe2ee442022-02-14 08:45:26.680root 11241100x80000000000000001748576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:27.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88cbae6a5ff04202022-02-14 08:45:27.179root 11241100x80000000000000001748577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:27.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8776196fac1292e32022-02-14 08:45:27.180root 11241100x80000000000000001748578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:27.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfba452d3733206d2022-02-14 08:45:27.679root 11241100x80000000000000001748579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:27.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076f740e32378efc2022-02-14 08:45:27.680root 11241100x80000000000000001748580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:28.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e260915ebc878a172022-02-14 08:45:28.179root 11241100x80000000000000001748581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:28.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e813c9fd9ea2b942022-02-14 08:45:28.180root 11241100x80000000000000001748582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:28.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f40cdb8fd2966d2022-02-14 08:45:28.679root 11241100x80000000000000001748583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d744ca8de0bfd50a2022-02-14 08:45:28.680root 354300x80000000000000001748584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:29.149{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51514-false10.0.1.12-8000- 11241100x80000000000000001748585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:29.150{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7309058db3ca4b282022-02-14 08:45:29.150root 11241100x80000000000000001748586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:29.150{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1902c0fd38ea0f2022-02-14 08:45:29.150root 11241100x80000000000000001748587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ce9e87074f83552022-02-14 08:45:29.430root 11241100x80000000000000001748588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef790c9c3cdf2a682022-02-14 08:45:29.430root 11241100x80000000000000001748589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5f2aedd06f96012022-02-14 08:45:29.430root 11241100x80000000000000001748590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f80b80425b20982022-02-14 08:45:29.930root 11241100x80000000000000001748591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcc52f03d8bbf622022-02-14 08:45:29.930root 11241100x80000000000000001748592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffabd79fe3e0bfbe2022-02-14 08:45:29.930root 11241100x80000000000000001748593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f5343dc5adde1a2022-02-14 08:45:30.430root 11241100x80000000000000001748594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587649ec2ae1cb482022-02-14 08:45:30.430root 11241100x80000000000000001748595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966a108aa9f7870f2022-02-14 08:45:30.430root 11241100x80000000000000001748596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:30.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de28b2844c9fa2832022-02-14 08:45:30.929root 11241100x80000000000000001748597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80032f2beb0477122022-02-14 08:45:30.930root 11241100x80000000000000001748598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04a46757fb5ea6f2022-02-14 08:45:30.930root 11241100x80000000000000001748599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:31.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad4d06a3b505e612022-02-14 08:45:31.429root 11241100x80000000000000001748600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54ef17dbf9e3fef2022-02-14 08:45:31.430root 11241100x80000000000000001748601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1752958ea4bdf3262022-02-14 08:45:31.430root 11241100x80000000000000001748602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:31.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708d78c41ed850922022-02-14 08:45:31.929root 11241100x80000000000000001748603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6e2f64f91948eb2022-02-14 08:45:31.930root 11241100x80000000000000001748604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d584d1f9b069192022-02-14 08:45:31.930root 11241100x80000000000000001748605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:32.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b53dff8bb9358462022-02-14 08:45:32.429root 11241100x80000000000000001748606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e763ce4df72b2ab2022-02-14 08:45:32.430root 11241100x80000000000000001748607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461638878dd181ea2022-02-14 08:45:32.430root 11241100x80000000000000001748608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed65a7f43bbaf342022-02-14 08:45:32.930root 11241100x80000000000000001748609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b44dc4999ee8fc2022-02-14 08:45:32.930root 11241100x80000000000000001748610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2210cd793f43b5f2022-02-14 08:45:32.930root 11241100x80000000000000001748611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762c8857e93a98e62022-02-14 08:45:33.430root 11241100x80000000000000001748612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3d570d9ced94c12022-02-14 08:45:33.430root 11241100x80000000000000001748613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc36b852b562c7b72022-02-14 08:45:33.430root 11241100x80000000000000001748614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:33.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dab1649d43dd3c32022-02-14 08:45:33.930root 11241100x80000000000000001748615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:33.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a330446573cd31722022-02-14 08:45:33.930root 11241100x80000000000000001748616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:33.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce8df017a9acbc82022-02-14 08:45:33.930root 354300x80000000000000001748617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:34.179{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51516-false10.0.1.12-8000- 11241100x80000000000000001748618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ff501031b431792022-02-14 08:45:34.430root 11241100x80000000000000001748619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b9653f9a0d29192022-02-14 08:45:34.430root 11241100x80000000000000001748620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe56863b99672e5a2022-02-14 08:45:34.430root 11241100x80000000000000001748621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca37e65e71ee09082022-02-14 08:45:34.430root 154100x80000000000000001748622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:34.784{ec2ab09f-16ae-620a-68a4-0d72c0550000}2026/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2ab09f-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}871--- 11241100x80000000000000001748623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:34.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67729f9b9c1710d2022-02-14 08:45:34.788root 11241100x80000000000000001748624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:34.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f376fa61a91328d2022-02-14 08:45:34.788root 11241100x80000000000000001748625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:34.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6d63963c4683b32022-02-14 08:45:34.788root 11241100x80000000000000001748626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:34.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775d37c72d285a6e2022-02-14 08:45:34.788root 11241100x80000000000000001748627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:34.789{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca459345856b9fb2022-02-14 08:45:34.789root 534500x80000000000000001748628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:34.802{ec2ab09f-16ae-620a-68a4-0d72c0550000}2026/bin/psroot 11241100x80000000000000001748629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:35.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9ab15e247b4c522022-02-14 08:45:35.180root 11241100x80000000000000001748630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:35.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1283165a43315c2c2022-02-14 08:45:35.180root 11241100x80000000000000001748631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:35.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78b8fe28eb0b2072022-02-14 08:45:35.180root 11241100x80000000000000001748632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:35.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6cd511ee1ad7f62022-02-14 08:45:35.180root 11241100x80000000000000001748633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:35.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7f2b4bc0d034162022-02-14 08:45:35.180root 11241100x80000000000000001748634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:35.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07ef413a84379282022-02-14 08:45:35.180root 11241100x80000000000000001748635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:35.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ea4a316cc471682022-02-14 08:45:35.680root 11241100x80000000000000001748636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:35.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13aad3b37afeffb2022-02-14 08:45:35.680root 11241100x80000000000000001748637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:35.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c4f4cc2688e5832022-02-14 08:45:35.680root 11241100x80000000000000001748638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:35.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ec96aed8c52b3c2022-02-14 08:45:35.680root 11241100x80000000000000001748639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:35.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f849f541c6b0e8d22022-02-14 08:45:35.680root 11241100x80000000000000001748640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:35.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5446982a44c39a612022-02-14 08:45:35.680root 11241100x80000000000000001748641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:36.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057b416dfe6a395d2022-02-14 08:45:36.180root 11241100x80000000000000001748642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:36.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d287ca10bff181992022-02-14 08:45:36.180root 11241100x80000000000000001748643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:36.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3080e8f23c3573b2022-02-14 08:45:36.180root 11241100x80000000000000001748644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:36.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873f44f04bab128c2022-02-14 08:45:36.180root 11241100x80000000000000001748645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:36.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f6555aa6966ec82022-02-14 08:45:36.180root 11241100x80000000000000001748646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:36.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc110e28fc34fea2022-02-14 08:45:36.181root 11241100x80000000000000001748647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:36.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a96d68bee4d34162022-02-14 08:45:36.680root 11241100x80000000000000001748648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:36.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca383f8de3c039f2022-02-14 08:45:36.680root 11241100x80000000000000001748649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:36.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9db098ed3e4d2c2022-02-14 08:45:36.680root 11241100x80000000000000001748650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:36.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba580deb04119b072022-02-14 08:45:36.680root 11241100x80000000000000001748651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:36.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854ebf4d34f9607d2022-02-14 08:45:36.680root 11241100x80000000000000001748652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:36.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b0d3b4c062c3fb2022-02-14 08:45:36.680root 11241100x80000000000000001748653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:37.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9238363c1dce9f362022-02-14 08:45:37.180root 11241100x80000000000000001748654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:37.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa0fbe56555610b2022-02-14 08:45:37.180root 11241100x80000000000000001748655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:37.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ac32301bbe1d102022-02-14 08:45:37.180root 11241100x80000000000000001748656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:37.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6fce7726a25b2e2022-02-14 08:45:37.180root 11241100x80000000000000001748657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:37.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f4e2262e446be22022-02-14 08:45:37.180root 11241100x80000000000000001748658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70e59fa21da640e2022-02-14 08:45:37.181root 11241100x80000000000000001748659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:37.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e2402f2282b87f2022-02-14 08:45:37.680root 11241100x80000000000000001748660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:37.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a793b0418ee69e12022-02-14 08:45:37.680root 11241100x80000000000000001748661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:37.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec063ec69557eb8b2022-02-14 08:45:37.680root 11241100x80000000000000001748662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:37.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa35ecfa394ebfdd2022-02-14 08:45:37.680root 11241100x80000000000000001748663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:37.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce36e3fdc5276e8b2022-02-14 08:45:37.680root 11241100x80000000000000001748664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:37.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c8b356e87990e02022-02-14 08:45:37.680root 11241100x80000000000000001748665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:38.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2742c0be828f778f2022-02-14 08:45:38.180root 11241100x80000000000000001748666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:38.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83131c9a319fe1982022-02-14 08:45:38.180root 11241100x80000000000000001748667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:38.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e724edd087a3032022-02-14 08:45:38.180root 11241100x80000000000000001748668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:38.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84991b50330507bf2022-02-14 08:45:38.180root 11241100x80000000000000001748669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:38.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a0e8620c5f269d2022-02-14 08:45:38.180root 11241100x80000000000000001748670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:38.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4838b11cb3f111862022-02-14 08:45:38.180root 11241100x80000000000000001748671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898ba5b20d080ca02022-02-14 08:45:38.680root 11241100x80000000000000001748672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b29efd41fdb65b2022-02-14 08:45:38.680root 11241100x80000000000000001748673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14655aca0db187f52022-02-14 08:45:38.680root 11241100x80000000000000001748674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c6170425aaf1f42022-02-14 08:45:38.680root 11241100x80000000000000001748675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4b90d87f878dce2022-02-14 08:45:38.680root 11241100x80000000000000001748676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f480dea141759c922022-02-14 08:45:38.680root 11241100x80000000000000001748677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:39.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1d8814d46ea2532022-02-14 08:45:39.180root 11241100x80000000000000001748678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:39.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c496269c145ef52022-02-14 08:45:39.180root 11241100x80000000000000001748679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:39.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ff0fd22c2534482022-02-14 08:45:39.180root 11241100x80000000000000001748680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:39.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc07925a442498e72022-02-14 08:45:39.180root 11241100x80000000000000001748681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:39.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10146b1986b231302022-02-14 08:45:39.180root 11241100x80000000000000001748682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:39.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f64d314e78893172022-02-14 08:45:39.180root 354300x80000000000000001748683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:39.187{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51518-false10.0.1.12-8000- 11241100x80000000000000001748684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:39.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c367df46e2266e2022-02-14 08:45:39.680root 11241100x80000000000000001748685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:39.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacf821d5e37f6ac2022-02-14 08:45:39.680root 11241100x80000000000000001748686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:39.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae440297a9432ad92022-02-14 08:45:39.680root 11241100x80000000000000001748687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:39.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76e6dd6c0022a862022-02-14 08:45:39.680root 11241100x80000000000000001748688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:39.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18981376eb36bdc92022-02-14 08:45:39.680root 11241100x80000000000000001748689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:39.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cba5d7ca4b35c282022-02-14 08:45:39.680root 11241100x80000000000000001748690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:39.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3381327229bf902022-02-14 08:45:39.681root 11241100x80000000000000001748691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:40.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c82aa4afb31a152022-02-14 08:45:40.180root 11241100x80000000000000001748692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:40.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47b4cb0c43fa0462022-02-14 08:45:40.180root 11241100x80000000000000001748693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:40.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f645db6fcd1a0ea2022-02-14 08:45:40.180root 11241100x80000000000000001748694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:40.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3093770fb4da9d2022-02-14 08:45:40.180root 11241100x80000000000000001748695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:40.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef2109f5a4037112022-02-14 08:45:40.180root 11241100x80000000000000001748696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:40.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7efdc12c46661f2022-02-14 08:45:40.180root 11241100x80000000000000001748697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:40.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059e31056fe406702022-02-14 08:45:40.181root 11241100x80000000000000001748698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:40.212{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-02-14 08:45:40.212root 11241100x80000000000000001748699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:40.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3aaffe5e1bfc972022-02-14 08:45:40.680root 11241100x80000000000000001748700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:40.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fc95b92cf023862022-02-14 08:45:40.680root 11241100x80000000000000001748701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:40.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786d7801ff09e9222022-02-14 08:45:40.680root 11241100x80000000000000001748702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:40.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a174f1cc754a8a712022-02-14 08:45:40.680root 11241100x80000000000000001748703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:40.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d87fab34236f3c32022-02-14 08:45:40.680root 11241100x80000000000000001748704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:40.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48dc3ddb5753b2a2022-02-14 08:45:40.681root 11241100x80000000000000001748705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:40.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29dad1e376e45f02022-02-14 08:45:40.681root 11241100x80000000000000001748706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:40.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4869df3b97eb0c82022-02-14 08:45:40.681root 11241100x80000000000000001748707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:41.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f7992b18f44b622022-02-14 08:45:41.180root 11241100x80000000000000001748708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:41.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918f29c17841744b2022-02-14 08:45:41.180root 11241100x80000000000000001748709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:41.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7623db1bd304613a2022-02-14 08:45:41.180root 11241100x80000000000000001748710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:41.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff62328339eb74c2022-02-14 08:45:41.180root 11241100x80000000000000001748711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:41.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4837ccd1bfd998852022-02-14 08:45:41.180root 11241100x80000000000000001748712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:41.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97062fa9b0515eee2022-02-14 08:45:41.181root 11241100x80000000000000001748713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:41.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2305a81f0409692022-02-14 08:45:41.181root 11241100x80000000000000001748714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:41.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea52affdce07a002022-02-14 08:45:41.181root 11241100x80000000000000001748715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:41.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881a23ca895b4eec2022-02-14 08:45:41.680root 11241100x80000000000000001748716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:41.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96124b41bfa44d702022-02-14 08:45:41.680root 11241100x80000000000000001748717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:41.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f4db826197efb42022-02-14 08:45:41.680root 11241100x80000000000000001748718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:41.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950e3c8a218a04602022-02-14 08:45:41.680root 11241100x80000000000000001748719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:41.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdc77ffde4dccb32022-02-14 08:45:41.680root 11241100x80000000000000001748720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:41.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9441e3ffab2350a2022-02-14 08:45:41.681root 11241100x80000000000000001748721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:41.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b9489acbe25d982022-02-14 08:45:41.681root 11241100x80000000000000001748722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:41.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a974139224564d422022-02-14 08:45:41.681root 11241100x80000000000000001748723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:42.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96ee85241f05aa02022-02-14 08:45:42.180root 11241100x80000000000000001748724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:42.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfca60276ce04762022-02-14 08:45:42.180root 11241100x80000000000000001748725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:42.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a1b093bf1c5aa92022-02-14 08:45:42.180root 11241100x80000000000000001748726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:42.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b821789711162f222022-02-14 08:45:42.180root 11241100x80000000000000001748727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:42.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e385b404958d7d522022-02-14 08:45:42.180root 11241100x80000000000000001748728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:42.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee000cb2f0ad71b2022-02-14 08:45:42.180root 11241100x80000000000000001748729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:42.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d650d7add1f8501b2022-02-14 08:45:42.181root 11241100x80000000000000001748730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:42.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cc194108c98bc12022-02-14 08:45:42.181root 11241100x80000000000000001748731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:42.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ed1504607bcb482022-02-14 08:45:42.680root 11241100x80000000000000001748732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:42.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b420b11b0829aeb2022-02-14 08:45:42.680root 11241100x80000000000000001748733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:42.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0580c6199ccaa82022-02-14 08:45:42.680root 11241100x80000000000000001748734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:42.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b0ec6cecd284c42022-02-14 08:45:42.680root 11241100x80000000000000001748735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:42.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf30f2a013f61402022-02-14 08:45:42.680root 11241100x80000000000000001748736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:42.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2512515643b170cc2022-02-14 08:45:42.680root 11241100x80000000000000001748737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:42.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8683c512407869c2022-02-14 08:45:42.681root 11241100x80000000000000001748738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:42.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3e2689b896799d2022-02-14 08:45:42.681root 11241100x80000000000000001748739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa904bdf41c51c42022-02-14 08:45:43.180root 11241100x80000000000000001748740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f58899187b885662022-02-14 08:45:43.180root 11241100x80000000000000001748741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37df78b55f12af4a2022-02-14 08:45:43.181root 11241100x80000000000000001748742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9332b79e8594be62022-02-14 08:45:43.181root 11241100x80000000000000001748743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e7263c66cfd90c2022-02-14 08:45:43.181root 11241100x80000000000000001748744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c2432ac82370bf2022-02-14 08:45:43.181root 11241100x80000000000000001748745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bea7dc15f6c9b42022-02-14 08:45:43.181root 11241100x80000000000000001748746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648f64346c6befc52022-02-14 08:45:43.182root 23542300x80000000000000001748747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.214{ec2ab09f-1002-620a-3078-922c7d550000}1328root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000001748748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe26ccbdaf5742ab2022-02-14 08:45:43.680root 11241100x80000000000000001748749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15caa6b49d6b2ec72022-02-14 08:45:43.680root 11241100x80000000000000001748750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a18e36bf30765b2022-02-14 08:45:43.680root 11241100x80000000000000001748751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7039bbc1a1f3cd2022-02-14 08:45:43.680root 11241100x80000000000000001748752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468b549e5e7cbe8e2022-02-14 08:45:43.680root 11241100x80000000000000001748753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db556d359d7586a32022-02-14 08:45:43.680root 11241100x80000000000000001748754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f1844f77b409fe2022-02-14 08:45:43.680root 11241100x80000000000000001748755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922c58d2b6eb23972022-02-14 08:45:43.681root 11241100x80000000000000001748756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3676a417c4b2d5952022-02-14 08:45:43.681root 11241100x80000000000000001748757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8182f9e7419b6d9e2022-02-14 08:45:44.180root 11241100x80000000000000001748758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d71029d6dea4692022-02-14 08:45:44.180root 11241100x80000000000000001748759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d731a1d691a30a822022-02-14 08:45:44.180root 11241100x80000000000000001748760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0650da1f2c67662022-02-14 08:45:44.180root 11241100x80000000000000001748761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0d541c708ecc042022-02-14 08:45:44.180root 11241100x80000000000000001748762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6101c4399b110f142022-02-14 08:45:44.180root 11241100x80000000000000001748763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b6d75e89f16df72022-02-14 08:45:44.180root 11241100x80000000000000001748764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f88e05d37d33292022-02-14 08:45:44.181root 11241100x80000000000000001748765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5c76057e8e82132022-02-14 08:45:44.181root 11241100x80000000000000001748766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5de606e979c9e02022-02-14 08:45:44.680root 11241100x80000000000000001748767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2df94d4deecd24c2022-02-14 08:45:44.680root 11241100x80000000000000001748768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531ee3273c1e9a0e2022-02-14 08:45:44.680root 11241100x80000000000000001748769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c95ff0f6d45dbde2022-02-14 08:45:44.680root 11241100x80000000000000001748770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c3a35a0049c05a2022-02-14 08:45:44.680root 11241100x80000000000000001748771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d698c7ef404e5de22022-02-14 08:45:44.681root 11241100x80000000000000001748772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f62220af93813182022-02-14 08:45:44.681root 11241100x80000000000000001748773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee228f5324bc6b892022-02-14 08:45:44.681root 11241100x80000000000000001748774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68985e67fa8c92902022-02-14 08:45:44.681root 354300x80000000000000001748775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.106{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51520-false10.0.1.12-8000- 11241100x80000000000000001748776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58176f9434f56502022-02-14 08:45:45.107root 11241100x80000000000000001748777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e677f800ad04fbb2022-02-14 08:45:45.107root 11241100x80000000000000001748778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31667e9bfc3dce22022-02-14 08:45:45.107root 11241100x80000000000000001748779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d533e760c2cb7032022-02-14 08:45:45.108root 11241100x80000000000000001748780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d892e133d3e7c3c2022-02-14 08:45:45.108root 11241100x80000000000000001748781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d5985994766e6f2022-02-14 08:45:45.108root 11241100x80000000000000001748782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6237addf352e872022-02-14 08:45:45.108root 11241100x80000000000000001748783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646a0ff8ae01a2ee2022-02-14 08:45:45.108root 11241100x80000000000000001748784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fec08ea7556b9d2022-02-14 08:45:45.108root 11241100x80000000000000001748785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df02e9b4bcbfcd692022-02-14 08:45:45.108root 11241100x80000000000000001748786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ef65be867ff7c12022-02-14 08:45:45.429root 11241100x80000000000000001748787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9931f89ca014a62022-02-14 08:45:45.430root 11241100x80000000000000001748788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6c4ba3560c75532022-02-14 08:45:45.430root 11241100x80000000000000001748789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e6a848bd4ab6af2022-02-14 08:45:45.430root 11241100x80000000000000001748790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88593c8184b821f72022-02-14 08:45:45.430root 11241100x80000000000000001748791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a555e62eacc8caf2022-02-14 08:45:45.430root 11241100x80000000000000001748792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5365661c151e78042022-02-14 08:45:45.430root 11241100x80000000000000001748793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac70eb5e3a5839b32022-02-14 08:45:45.430root 11241100x80000000000000001748794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18f6a3bba2e48ca2022-02-14 08:45:45.430root 11241100x80000000000000001748795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40ca147f39fa7a32022-02-14 08:45:45.430root 11241100x80000000000000001748796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9a6d1884dee9582022-02-14 08:45:45.930root 11241100x80000000000000001748797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bfe46fcc7f12cd2022-02-14 08:45:45.930root 11241100x80000000000000001748798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be03dc024cf58a32022-02-14 08:45:45.930root 11241100x80000000000000001748799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d550e30336a1dc1f2022-02-14 08:45:45.931root 11241100x80000000000000001748800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84300db33967295e2022-02-14 08:45:45.931root 11241100x80000000000000001748801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e294a4ba037bede62022-02-14 08:45:45.931root 11241100x80000000000000001748802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717322264d2156212022-02-14 08:45:45.931root 11241100x80000000000000001748803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a82967c695bf9cf2022-02-14 08:45:45.931root 11241100x80000000000000001748804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4265dcdcb0080b82022-02-14 08:45:45.931root 11241100x80000000000000001748805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:45.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3736d15ecf6b2672022-02-14 08:45:45.931root 11241100x80000000000000001748806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9872a69151f3b8422022-02-14 08:45:46.430root 11241100x80000000000000001748807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf68d4ef23ccdc22022-02-14 08:45:46.430root 11241100x80000000000000001748808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da28d9fa1a56f2602022-02-14 08:45:46.430root 11241100x80000000000000001748809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bb0427d6b5e1dd2022-02-14 08:45:46.430root 11241100x80000000000000001748810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2eefb3c06bca8702022-02-14 08:45:46.430root 11241100x80000000000000001748811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7f4feb107394c82022-02-14 08:45:46.430root 11241100x80000000000000001748812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee56142772bb2942022-02-14 08:45:46.431root 11241100x80000000000000001748813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263a0db2e23ea5fc2022-02-14 08:45:46.431root 11241100x80000000000000001748814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c9c83b0031fcf82022-02-14 08:45:46.431root 11241100x80000000000000001748815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25805ea4b4b3c5a2022-02-14 08:45:46.431root 11241100x80000000000000001748816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d0af2d5ffc998f2022-02-14 08:45:46.930root 11241100x80000000000000001748817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca07c8cbe6b062892022-02-14 08:45:46.930root 11241100x80000000000000001748818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99074cee7db7a78d2022-02-14 08:45:46.930root 11241100x80000000000000001748819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593b6f78734715552022-02-14 08:45:46.930root 11241100x80000000000000001748820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438f70e6b83609682022-02-14 08:45:46.930root 11241100x80000000000000001748821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f6ee420b62af022022-02-14 08:45:46.930root 11241100x80000000000000001748822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6229d3fe051e4c102022-02-14 08:45:46.931root 11241100x80000000000000001748823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e9a06fb0e952d52022-02-14 08:45:46.932root 11241100x80000000000000001748824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaac6b4df8632762022-02-14 08:45:46.932root 11241100x80000000000000001748825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:46.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f050a6859aacc74f2022-02-14 08:45:46.932root 11241100x80000000000000001748826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35977e9d82dccea02022-02-14 08:45:47.429root 11241100x80000000000000001748827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb090e4ae226150a2022-02-14 08:45:47.430root 11241100x80000000000000001748828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a604ed201da743d12022-02-14 08:45:47.430root 11241100x80000000000000001748829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0b94fdae9e3ad32022-02-14 08:45:47.430root 11241100x80000000000000001748830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c3bdf9827af0a22022-02-14 08:45:47.430root 11241100x80000000000000001748831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8b73518f2152252022-02-14 08:45:47.430root 11241100x80000000000000001748832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1565c6712cc6a02022-02-14 08:45:47.430root 11241100x80000000000000001748833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfdc1e168e933682022-02-14 08:45:47.430root 11241100x80000000000000001748834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc45d761692778d62022-02-14 08:45:47.430root 11241100x80000000000000001748835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94c1db4623fb2da2022-02-14 08:45:47.430root 11241100x80000000000000001748836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0e43df3fe166982022-02-14 08:45:47.930root 11241100x80000000000000001748837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40de92fd3fbb11e82022-02-14 08:45:47.930root 11241100x80000000000000001748838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b132aba7dc90932022-02-14 08:45:47.930root 11241100x80000000000000001748839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c05c5248f757f32022-02-14 08:45:47.930root 11241100x80000000000000001748840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c25f559d50511a2022-02-14 08:45:47.930root 11241100x80000000000000001748841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6ce8fa9b3ce9052022-02-14 08:45:47.930root 11241100x80000000000000001748842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947f64907b4b52a52022-02-14 08:45:47.931root 11241100x80000000000000001748843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30a59455a65a9f82022-02-14 08:45:47.931root 11241100x80000000000000001748844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99a157e4d6421d52022-02-14 08:45:47.931root 11241100x80000000000000001748845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ba78e0c835ec6b2022-02-14 08:45:47.931root 11241100x80000000000000001748846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f401ec3d38f2bcae2022-02-14 08:45:48.430root 11241100x80000000000000001748847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601f1151779dfd7b2022-02-14 08:45:48.430root 11241100x80000000000000001748848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8af073edc1f0c6e2022-02-14 08:45:48.430root 11241100x80000000000000001748849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70bbbdaa69eb9622022-02-14 08:45:48.430root 11241100x80000000000000001748850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186b5ba8b2ed49a02022-02-14 08:45:48.430root 11241100x80000000000000001748851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ebc4b2810494bb2022-02-14 08:45:48.430root 11241100x80000000000000001748852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd15d6b04e63eb9c2022-02-14 08:45:48.431root 11241100x80000000000000001748853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bf9988850c762d2022-02-14 08:45:48.431root 11241100x80000000000000001748854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802d7155d49c236f2022-02-14 08:45:48.431root 11241100x80000000000000001748855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fa7504ecbb75732022-02-14 08:45:48.431root 11241100x80000000000000001748856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab746be50e4e8c702022-02-14 08:45:48.930root 11241100x80000000000000001748857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08675832f019be582022-02-14 08:45:48.930root 11241100x80000000000000001748858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8142791b332d455d2022-02-14 08:45:48.930root 11241100x80000000000000001748859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347da295194cf8202022-02-14 08:45:48.930root 11241100x80000000000000001748860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da943c414eb11f72022-02-14 08:45:48.930root 11241100x80000000000000001748861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1bbf4ea2358da52022-02-14 08:45:48.931root 11241100x80000000000000001748862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2090040129ab2e082022-02-14 08:45:48.931root 11241100x80000000000000001748863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7ddf031ec01a5d2022-02-14 08:45:48.931root 11241100x80000000000000001748864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9549e5ab2e4e44a92022-02-14 08:45:48.931root 11241100x80000000000000001748865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:48.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476a76f30d6dad162022-02-14 08:45:48.931root 11241100x80000000000000001748866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d839d0de31a90662022-02-14 08:45:49.430root 11241100x80000000000000001748867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5986baffd1d0db402022-02-14 08:45:49.430root 11241100x80000000000000001748868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9381dc03d961406d2022-02-14 08:45:49.430root 11241100x80000000000000001748869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b4a7aa1cf8c8542022-02-14 08:45:49.430root 11241100x80000000000000001748870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03fd4cfcfa834532022-02-14 08:45:49.430root 11241100x80000000000000001748871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e5c826f855afa52022-02-14 08:45:49.430root 11241100x80000000000000001748872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc996e8c21f707452022-02-14 08:45:49.431root 11241100x80000000000000001748873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549733a3ece3c1fd2022-02-14 08:45:49.431root 11241100x80000000000000001748874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c354d5715c0a1fb2022-02-14 08:45:49.431root 11241100x80000000000000001748875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09197659021069ad2022-02-14 08:45:49.431root 11241100x80000000000000001748876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a374886b36abf46e2022-02-14 08:45:49.930root 11241100x80000000000000001748877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8e0b8e38a2f6d22022-02-14 08:45:49.930root 11241100x80000000000000001748878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb37fcd9a435b6752022-02-14 08:45:49.930root 11241100x80000000000000001748879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f50a75995ad7d62022-02-14 08:45:49.930root 11241100x80000000000000001748880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b626505b5107d8b32022-02-14 08:45:49.930root 11241100x80000000000000001748881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286fb165ec6ee9a42022-02-14 08:45:49.930root 11241100x80000000000000001748882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fa490d597cedf62022-02-14 08:45:49.931root 11241100x80000000000000001748883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e77c21e35f318d2022-02-14 08:45:49.931root 11241100x80000000000000001748884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fac4638a2e69b702022-02-14 08:45:49.933root 11241100x80000000000000001748885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:49.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7ee140ca9c6dfa2022-02-14 08:45:49.933root 354300x80000000000000001748886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.141{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51522-false10.0.1.12-8000- 11241100x80000000000000001748887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926d60e6d53f6f252022-02-14 08:45:50.430root 11241100x80000000000000001748888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a297c5242ec366662022-02-14 08:45:50.430root 11241100x80000000000000001748889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149de968b972c7342022-02-14 08:45:50.430root 11241100x80000000000000001748890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a53a22b10933432022-02-14 08:45:50.430root 11241100x80000000000000001748891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892306cf00b172fb2022-02-14 08:45:50.430root 11241100x80000000000000001748892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f4e0caa7f3ca672022-02-14 08:45:50.430root 11241100x80000000000000001748893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ec553a65b5e61c2022-02-14 08:45:50.431root 11241100x80000000000000001748894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93573e5e38aaea922022-02-14 08:45:50.431root 11241100x80000000000000001748895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8194a9bff4325fee2022-02-14 08:45:50.431root 11241100x80000000000000001748896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef242f4ab66b0042022-02-14 08:45:50.431root 11241100x80000000000000001748897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec23cadadcee5932022-02-14 08:45:50.431root 11241100x80000000000000001748898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b9856a3d2c53372022-02-14 08:45:50.930root 11241100x80000000000000001748899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52889e2bea104bcf2022-02-14 08:45:50.930root 11241100x80000000000000001748900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5892fd20fc94792022-02-14 08:45:50.930root 11241100x80000000000000001748901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dddd320311c6882022-02-14 08:45:50.931root 11241100x80000000000000001748902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b211d3b7555a912022-02-14 08:45:50.931root 11241100x80000000000000001748903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87d5a5a86a2b24b2022-02-14 08:45:50.931root 11241100x80000000000000001748904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13361ab5637b3d782022-02-14 08:45:50.931root 11241100x80000000000000001748905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d16b6cd6b652dc92022-02-14 08:45:50.931root 11241100x80000000000000001748906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e73ebeabe379832022-02-14 08:45:50.931root 11241100x80000000000000001748907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3150be8a1cf1b82022-02-14 08:45:50.931root 11241100x80000000000000001748908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:50.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1feae305a9c13942022-02-14 08:45:50.931root 11241100x80000000000000001748909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0bc275a10bac9a2022-02-14 08:45:51.430root 11241100x80000000000000001748910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f798fb8ecbd9129d2022-02-14 08:45:51.430root 11241100x80000000000000001748911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e9281dc8d8cd3d2022-02-14 08:45:51.430root 11241100x80000000000000001748912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ce9b43f105e3a32022-02-14 08:45:51.430root 11241100x80000000000000001748913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630d1e2a082b35ff2022-02-14 08:45:51.430root 11241100x80000000000000001748914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31b0fb7d9296e952022-02-14 08:45:51.430root 11241100x80000000000000001748915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3b49afb8e866752022-02-14 08:45:51.430root 11241100x80000000000000001748916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35359975bc4126462022-02-14 08:45:51.430root 11241100x80000000000000001748917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961138a231b7c6272022-02-14 08:45:51.431root 11241100x80000000000000001748918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8201f0944cc4e8372022-02-14 08:45:51.431root 11241100x80000000000000001748919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81860a24d1a915802022-02-14 08:45:51.431root 11241100x80000000000000001748920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ef1b0c9bdd5c212022-02-14 08:45:51.930root 11241100x80000000000000001748921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05bd76e82a11eb62022-02-14 08:45:51.930root 11241100x80000000000000001748922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df7759cecfefaa72022-02-14 08:45:51.930root 11241100x80000000000000001748923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6de3e3dbeafb6b82022-02-14 08:45:51.930root 11241100x80000000000000001748924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ba88c465b745a72022-02-14 08:45:51.930root 11241100x80000000000000001748925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843cd3a3c82d7bad2022-02-14 08:45:51.931root 11241100x80000000000000001748926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8484f227de3a23652022-02-14 08:45:51.931root 11241100x80000000000000001748927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3104e13622c653a52022-02-14 08:45:51.931root 11241100x80000000000000001748928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f007d00ab8ebdb3b2022-02-14 08:45:51.931root 11241100x80000000000000001748929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffe78bf17310a7a2022-02-14 08:45:51.931root 11241100x80000000000000001748930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:51.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34fec76d6bbeb072022-02-14 08:45:51.931root 11241100x80000000000000001748931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc1360bf795981a2022-02-14 08:45:52.430root 11241100x80000000000000001748932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7843889d022058342022-02-14 08:45:52.430root 11241100x80000000000000001748933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37b238ff5e0a4572022-02-14 08:45:52.430root 11241100x80000000000000001748934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bc54ae5e8aca9a2022-02-14 08:45:52.430root 11241100x80000000000000001748935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cd09f3242a9dbb2022-02-14 08:45:52.430root 11241100x80000000000000001748936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c486b0b93422d9012022-02-14 08:45:52.430root 11241100x80000000000000001748937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4049057342fc3f2022-02-14 08:45:52.430root 11241100x80000000000000001748938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c682f41130dc5dbc2022-02-14 08:45:52.431root 11241100x80000000000000001748939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9fd1bd4967c62d2022-02-14 08:45:52.431root 11241100x80000000000000001748940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3bf875df5795ad2022-02-14 08:45:52.431root 11241100x80000000000000001748941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62810b657a9566fe2022-02-14 08:45:52.431root 11241100x80000000000000001748942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703387266add03872022-02-14 08:45:52.930root 11241100x80000000000000001748943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df61add271be2142022-02-14 08:45:52.930root 11241100x80000000000000001748944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2a8a783470876b2022-02-14 08:45:52.930root 11241100x80000000000000001748945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3672a5a42c863a572022-02-14 08:45:52.930root 11241100x80000000000000001748946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528008f0657a75b32022-02-14 08:45:52.930root 11241100x80000000000000001748947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170b1ba6f7bba0422022-02-14 08:45:52.930root 11241100x80000000000000001748948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4aa256b7084be82022-02-14 08:45:52.930root 11241100x80000000000000001748949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac660ed2d28d5b02022-02-14 08:45:52.931root 11241100x80000000000000001748950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9ca7d5c74fe02f2022-02-14 08:45:52.931root 11241100x80000000000000001748951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bc8233d7bc62092022-02-14 08:45:52.931root 11241100x80000000000000001748952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:52.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a24cbe139c3eecd2022-02-14 08:45:52.931root 11241100x80000000000000001748953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34441c6b1f2be5632022-02-14 08:45:53.430root 11241100x80000000000000001748954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f27c0d9fac2d0c42022-02-14 08:45:53.430root 11241100x80000000000000001748955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3eb882e2edd67222022-02-14 08:45:53.431root 11241100x80000000000000001748956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbda45cf99f73e52022-02-14 08:45:53.431root 11241100x80000000000000001748957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e710d59aa71ea602022-02-14 08:45:53.431root 11241100x80000000000000001748958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06de227645a4d7f2022-02-14 08:45:53.431root 11241100x80000000000000001748959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd3645fd78ce4d72022-02-14 08:45:53.431root 11241100x80000000000000001748960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae19affbde1017cc2022-02-14 08:45:53.431root 11241100x80000000000000001748961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcd0eea8ff0aace2022-02-14 08:45:53.431root 11241100x80000000000000001748962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbb6f2cdd1872832022-02-14 08:45:53.431root 11241100x80000000000000001748963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950e79e376bbb73a2022-02-14 08:45:53.432root 11241100x80000000000000001748964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4318eb45719e567f2022-02-14 08:45:53.929root 11241100x80000000000000001748965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690c06db0eea70722022-02-14 08:45:53.930root 11241100x80000000000000001748966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17de0e0c83f514e82022-02-14 08:45:53.930root 11241100x80000000000000001748967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1705ae032dfc305a2022-02-14 08:45:53.930root 11241100x80000000000000001748968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397f8085040c32202022-02-14 08:45:53.930root 11241100x80000000000000001748969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cad8bcff15f367c2022-02-14 08:45:53.930root 11241100x80000000000000001748970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae1263cbc360e752022-02-14 08:45:53.930root 11241100x80000000000000001748971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685e9b841ccd5f7a2022-02-14 08:45:53.930root 11241100x80000000000000001748972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18780ff435ea854b2022-02-14 08:45:53.930root 11241100x80000000000000001748973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c200a2c944d293e12022-02-14 08:45:53.930root 11241100x80000000000000001748974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ee9a7e97928b2d2022-02-14 08:45:53.931root 11241100x80000000000000001748975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1decd72452aa6b2022-02-14 08:45:54.430root 11241100x80000000000000001748976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc85383bf91c267a2022-02-14 08:45:54.430root 11241100x80000000000000001748977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdc596f3d25bec82022-02-14 08:45:54.430root 11241100x80000000000000001748978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf2fcc3d4ddce702022-02-14 08:45:54.430root 11241100x80000000000000001748979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e32729dc3ce36512022-02-14 08:45:54.431root 11241100x80000000000000001748980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bc6ac9faa068472022-02-14 08:45:54.431root 11241100x80000000000000001748981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4ec6f774adfc922022-02-14 08:45:54.431root 11241100x80000000000000001748982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32780990f314fad52022-02-14 08:45:54.431root 11241100x80000000000000001748983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b3766ff39c75c62022-02-14 08:45:54.431root 11241100x80000000000000001748984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ff183cc740f5c22022-02-14 08:45:54.431root 11241100x80000000000000001748985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8a681a9abde09a2022-02-14 08:45:54.431root 11241100x80000000000000001748986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186683ddc6a8d4062022-02-14 08:45:54.930root 11241100x80000000000000001748987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb0cef3fb2e81202022-02-14 08:45:54.930root 11241100x80000000000000001748988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6bb87910a18f152022-02-14 08:45:54.930root 11241100x80000000000000001748989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb0a505c7958ed22022-02-14 08:45:54.930root 11241100x80000000000000001748990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa3458de434aa6e2022-02-14 08:45:54.930root 11241100x80000000000000001748991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab232f6695f13302022-02-14 08:45:54.931root 11241100x80000000000000001748992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57c65bc87c7c33f2022-02-14 08:45:54.931root 11241100x80000000000000001748993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cbd12fde0185eb2022-02-14 08:45:54.931root 11241100x80000000000000001748994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bf2c9a38dac1672022-02-14 08:45:54.931root 11241100x80000000000000001748995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8ff88ddb0494ac2022-02-14 08:45:54.931root 11241100x80000000000000001748996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba556d667d0c3d7b2022-02-14 08:45:54.931root 11241100x80000000000000001748997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864e6aa5880882ed2022-02-14 08:45:55.430root 11241100x80000000000000001748998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9a89aa2434f39c2022-02-14 08:45:55.430root 11241100x80000000000000001748999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeed3b82514783f62022-02-14 08:45:55.430root 11241100x80000000000000001749000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f0c9a07f4776ec2022-02-14 08:45:55.430root 11241100x80000000000000001749001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852cb609fa6725882022-02-14 08:45:55.430root 11241100x80000000000000001749002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5951f7bbee35b332022-02-14 08:45:55.430root 11241100x80000000000000001749003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d498ba98cfdf0602022-02-14 08:45:55.430root 11241100x80000000000000001749004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cbc61ee0c6991b2022-02-14 08:45:55.430root 11241100x80000000000000001749005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05239b14eaa73f202022-02-14 08:45:55.430root 11241100x80000000000000001749006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3e2232f341fa432022-02-14 08:45:55.430root 11241100x80000000000000001749007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9516decc7b8bd5c32022-02-14 08:45:55.430root 11241100x80000000000000001749008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b393ad97b65ab92022-02-14 08:45:55.930root 11241100x80000000000000001749009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc9b6f214a33a982022-02-14 08:45:55.930root 11241100x80000000000000001749010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f3a0c7e11c70b52022-02-14 08:45:55.930root 11241100x80000000000000001749011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b369bce6af90072022-02-14 08:45:55.930root 11241100x80000000000000001749012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236b9c2d2b602d042022-02-14 08:45:55.930root 11241100x80000000000000001749013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246b69ff1f4a608d2022-02-14 08:45:55.930root 11241100x80000000000000001749014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b03a8b2699570612022-02-14 08:45:55.930root 11241100x80000000000000001749015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5c5a440158961f2022-02-14 08:45:55.930root 11241100x80000000000000001749016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd5e0995522df132022-02-14 08:45:55.931root 11241100x80000000000000001749017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7f93bb3d76e6862022-02-14 08:45:55.931root 11241100x80000000000000001749018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f373fda749a1def2022-02-14 08:45:55.931root 354300x80000000000000001749019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.112{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51524-false10.0.1.12-8000- 11241100x80000000000000001749020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2806eb7c2e65ea52022-02-14 08:45:56.432root 11241100x80000000000000001749021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3d77097c7a748c2022-02-14 08:45:56.432root 11241100x80000000000000001749022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2ff6e820e446682022-02-14 08:45:56.432root 11241100x80000000000000001749023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9288bb8196d9a62022-02-14 08:45:56.432root 11241100x80000000000000001749024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab7af71d15514402022-02-14 08:45:56.432root 11241100x80000000000000001749025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e100e9965d952d2022-02-14 08:45:56.433root 11241100x80000000000000001749026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe6c31098fc2d372022-02-14 08:45:56.433root 11241100x80000000000000001749027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f873a35f8534bfc2022-02-14 08:45:56.433root 11241100x80000000000000001749028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5ab4842218d52f2022-02-14 08:45:56.433root 11241100x80000000000000001749029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12349bd6348a0e192022-02-14 08:45:56.433root 11241100x80000000000000001749030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7eb07681c13d8032022-02-14 08:45:56.434root 11241100x80000000000000001749031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e80b03e210c8762022-02-14 08:45:56.434root 11241100x80000000000000001749032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb82d5f31976baa2022-02-14 08:45:56.930root 11241100x80000000000000001749033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacbb0b0955c17ae2022-02-14 08:45:56.930root 11241100x80000000000000001749034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179593db75d981aa2022-02-14 08:45:56.930root 11241100x80000000000000001749035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62cb6c3fd4487322022-02-14 08:45:56.930root 11241100x80000000000000001749036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249352575aee18432022-02-14 08:45:56.930root 11241100x80000000000000001749037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21a6072eedfb22a2022-02-14 08:45:56.930root 11241100x80000000000000001749038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf2cbd063cced4d2022-02-14 08:45:56.930root 11241100x80000000000000001749039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e254afe5902bf312022-02-14 08:45:56.931root 11241100x80000000000000001749040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ac415d398e77de2022-02-14 08:45:56.931root 11241100x80000000000000001749041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a6e2c19912a5832022-02-14 08:45:56.931root 11241100x80000000000000001749042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889b1f99bd0657cc2022-02-14 08:45:56.931root 11241100x80000000000000001749043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820b0846a914702d2022-02-14 08:45:56.931root 11241100x80000000000000001749044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604eba1ff0e06c792022-02-14 08:45:57.429root 11241100x80000000000000001749045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a0898ee58087462022-02-14 08:45:57.430root 11241100x80000000000000001749046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa07a0ce9ef73702022-02-14 08:45:57.430root 11241100x80000000000000001749047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0cfc70380ff0812022-02-14 08:45:57.430root 11241100x80000000000000001749048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51166bf776a445f82022-02-14 08:45:57.430root 11241100x80000000000000001749049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b3794525351f562022-02-14 08:45:57.430root 11241100x80000000000000001749050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3491fd62158ad8c02022-02-14 08:45:57.430root 11241100x80000000000000001749051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fa96cb81afc1ab2022-02-14 08:45:57.430root 11241100x80000000000000001749052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53151aa3ff07ccd2022-02-14 08:45:57.431root 11241100x80000000000000001749053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549cc7b52a8175492022-02-14 08:45:57.431root 11241100x80000000000000001749054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79dc20be02ac2bd12022-02-14 08:45:57.431root 11241100x80000000000000001749055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5a072266cbf7ab2022-02-14 08:45:57.431root 11241100x80000000000000001749056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2f558020d1a5fe2022-02-14 08:45:57.929root 11241100x80000000000000001749057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65c537862baed6b2022-02-14 08:45:57.930root 11241100x80000000000000001749058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3fbb002eb600bd2022-02-14 08:45:57.930root 11241100x80000000000000001749059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3337d926fc23aa332022-02-14 08:45:57.930root 11241100x80000000000000001749060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1c393a512cd6082022-02-14 08:45:57.930root 11241100x80000000000000001749061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ba52c6eaf3f8a82022-02-14 08:45:57.930root 11241100x80000000000000001749062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a39ca3526bd7bf2022-02-14 08:45:57.930root 11241100x80000000000000001749063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8347212628b633492022-02-14 08:45:57.930root 11241100x80000000000000001749064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973ed57a8b3486082022-02-14 08:45:57.930root 11241100x80000000000000001749065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdab156b131df2a2022-02-14 08:45:57.931root 11241100x80000000000000001749066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c9f1755f7e42a92022-02-14 08:45:57.931root 11241100x80000000000000001749067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:57.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae357ec8ac131652022-02-14 08:45:57.931root 11241100x80000000000000001749068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b913bd38a53342e2022-02-14 08:45:58.429root 11241100x80000000000000001749069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7551df6613333a0f2022-02-14 08:45:58.430root 11241100x80000000000000001749070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f78ad525117c2f2022-02-14 08:45:58.430root 11241100x80000000000000001749071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00890e7335a9f1b92022-02-14 08:45:58.430root 11241100x80000000000000001749072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abaad38f316248232022-02-14 08:45:58.430root 11241100x80000000000000001749073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a316848e885e7b072022-02-14 08:45:58.430root 11241100x80000000000000001749074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7827ef663db8c02022-02-14 08:45:58.430root 11241100x80000000000000001749075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc247a29e25d6aa92022-02-14 08:45:58.430root 11241100x80000000000000001749076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac28a65e162439c2022-02-14 08:45:58.430root 11241100x80000000000000001749077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f80a55f22789b92022-02-14 08:45:58.430root 11241100x80000000000000001749078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0a51b987daea7d2022-02-14 08:45:58.430root 11241100x80000000000000001749079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a6fc66fc4015a12022-02-14 08:45:58.430root 11241100x80000000000000001749080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7c774156f671662022-02-14 08:45:58.930root 11241100x80000000000000001749081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a050769ead377d5b2022-02-14 08:45:58.930root 11241100x80000000000000001749082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5b0cce010844512022-02-14 08:45:58.930root 11241100x80000000000000001749083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e38ed87d9e148722022-02-14 08:45:58.930root 11241100x80000000000000001749084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee54648cd1ddf7b2022-02-14 08:45:58.930root 11241100x80000000000000001749085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134fc8856fc4f5182022-02-14 08:45:58.930root 11241100x80000000000000001749086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ca8df00420b8af2022-02-14 08:45:58.930root 11241100x80000000000000001749087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d707e01328f77c032022-02-14 08:45:58.930root 11241100x80000000000000001749088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18933d01400402802022-02-14 08:45:58.931root 11241100x80000000000000001749089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017949e57d807c442022-02-14 08:45:58.931root 11241100x80000000000000001749090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bd947c2bf2bfe82022-02-14 08:45:58.931root 11241100x80000000000000001749091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:58.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1929addf275f28502022-02-14 08:45:58.931root 11241100x80000000000000001749092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e6273b503440ae2022-02-14 08:45:59.429root 11241100x80000000000000001749093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a1a5e9552887e32022-02-14 08:45:59.430root 11241100x80000000000000001749094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875c415129a019c32022-02-14 08:45:59.430root 11241100x80000000000000001749095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04016801e29730362022-02-14 08:45:59.430root 11241100x80000000000000001749096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3588a2f9822756502022-02-14 08:45:59.430root 11241100x80000000000000001749097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623524be91ef09eb2022-02-14 08:45:59.430root 11241100x80000000000000001749098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb656e3db1aa85b52022-02-14 08:45:59.431root 11241100x80000000000000001749099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fc2db6500f55df2022-02-14 08:45:59.431root 11241100x80000000000000001749100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa078d9171ffff0e2022-02-14 08:45:59.431root 11241100x80000000000000001749101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c90f93e1ae2368f2022-02-14 08:45:59.431root 11241100x80000000000000001749102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a8bdf7773bb14f2022-02-14 08:45:59.431root 11241100x80000000000000001749103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d13d2533c2fa2f82022-02-14 08:45:59.431root 11241100x80000000000000001749104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c0e2f4c693c6672022-02-14 08:45:59.929root 11241100x80000000000000001749105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ba347acc0f6b662022-02-14 08:45:59.930root 11241100x80000000000000001749106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624c3af068d801092022-02-14 08:45:59.930root 11241100x80000000000000001749107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e099d6d1d693372022-02-14 08:45:59.930root 11241100x80000000000000001749108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7606e93a759de62022-02-14 08:45:59.930root 11241100x80000000000000001749109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53afe7ff1096f17d2022-02-14 08:45:59.930root 11241100x80000000000000001749110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3d5d35774b032c2022-02-14 08:45:59.930root 11241100x80000000000000001749111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89705fc012a3f47b2022-02-14 08:45:59.930root 11241100x80000000000000001749112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222b3e675cef690f2022-02-14 08:45:59.930root 11241100x80000000000000001749113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8238318b2a6f0d262022-02-14 08:45:59.930root 11241100x80000000000000001749114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b4eec479df58562022-02-14 08:45:59.931root 11241100x80000000000000001749115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:45:59.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f52048e56c9e502022-02-14 08:45:59.931root 11241100x80000000000000001749116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab85cf088ff7dad62022-02-14 08:46:00.429root 11241100x80000000000000001749117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ec54ca7490595b2022-02-14 08:46:00.430root 11241100x80000000000000001749118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff43ee58aa69a6a2022-02-14 08:46:00.430root 11241100x80000000000000001749119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7ab91be68fbf162022-02-14 08:46:00.430root 11241100x80000000000000001749120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5708d792c5f1e1f2022-02-14 08:46:00.430root 11241100x80000000000000001749121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77206d2537c1c8f2022-02-14 08:46:00.431root 11241100x80000000000000001749122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b150fadde4eadf582022-02-14 08:46:00.431root 11241100x80000000000000001749123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0fe9662500c5a12022-02-14 08:46:00.431root 11241100x80000000000000001749124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ce3f55e5bb72c62022-02-14 08:46:00.431root 11241100x80000000000000001749125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e7ff0197b7704c2022-02-14 08:46:00.431root 11241100x80000000000000001749126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e87870df0a1e7c32022-02-14 08:46:00.432root 11241100x80000000000000001749127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bda890cd0c28a3f2022-02-14 08:46:00.432root 11241100x80000000000000001749128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e04308737a2c8512022-02-14 08:46:00.929root 11241100x80000000000000001749129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbe86041e14eb452022-02-14 08:46:00.930root 11241100x80000000000000001749130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eea498a6b9481182022-02-14 08:46:00.930root 11241100x80000000000000001749131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5310f83620c1742022-02-14 08:46:00.930root 11241100x80000000000000001749132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9391e523f5aee3fb2022-02-14 08:46:00.930root 11241100x80000000000000001749133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcd0d2fc1f7bd5f2022-02-14 08:46:00.930root 11241100x80000000000000001749134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693952b5a98e63892022-02-14 08:46:00.931root 11241100x80000000000000001749135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95b917be1c1fc5f2022-02-14 08:46:00.934root 11241100x80000000000000001749136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00019115d0f426542022-02-14 08:46:00.934root 11241100x80000000000000001749137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ceec0446f0ccad52022-02-14 08:46:00.934root 11241100x80000000000000001749138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c8e4c0ce9fc2f12022-02-14 08:46:00.934root 11241100x80000000000000001749139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:00.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad5bd3fd22807b12022-02-14 08:46:00.934root 354300x80000000000000001749140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.210{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51526-false10.0.1.12-8000- 11241100x80000000000000001749141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71a0a59778566ae2022-02-14 08:46:01.211root 11241100x80000000000000001749142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0739833ab7c471102022-02-14 08:46:01.212root 11241100x80000000000000001749143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f4eabd4e6f794b2022-02-14 08:46:01.212root 11241100x80000000000000001749144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a375cffa0942718d2022-02-14 08:46:01.212root 11241100x80000000000000001749145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a14640aca0cd6ca2022-02-14 08:46:01.212root 11241100x80000000000000001749146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8653901fd9d43472022-02-14 08:46:01.212root 11241100x80000000000000001749147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296155743aff72442022-02-14 08:46:01.212root 11241100x80000000000000001749148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4c4c396d26cba82022-02-14 08:46:01.212root 11241100x80000000000000001749149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa06f1078aabe9a22022-02-14 08:46:01.212root 11241100x80000000000000001749150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bb19fbaeaaf22b2022-02-14 08:46:01.212root 11241100x80000000000000001749151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c7c7c5a0dc38cb2022-02-14 08:46:01.212root 11241100x80000000000000001749152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc645a951e7303b62022-02-14 08:46:01.212root 11241100x80000000000000001749153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7354850fdd31772022-02-14 08:46:01.213root 11241100x80000000000000001749154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde5a099bd5d36792022-02-14 08:46:01.680root 11241100x80000000000000001749155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00395f4d1853c64f2022-02-14 08:46:01.680root 11241100x80000000000000001749156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3ba530b7484bde2022-02-14 08:46:01.680root 11241100x80000000000000001749157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2077fb262fb6c0c2022-02-14 08:46:01.680root 11241100x80000000000000001749158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d011df4b38346e32022-02-14 08:46:01.680root 11241100x80000000000000001749159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9f0a080fdd734d2022-02-14 08:46:01.680root 11241100x80000000000000001749160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651f785bf28e99972022-02-14 08:46:01.680root 11241100x80000000000000001749161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b36993216abeb72022-02-14 08:46:01.680root 11241100x80000000000000001749162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f4e16fb59f69282022-02-14 08:46:01.680root 11241100x80000000000000001749163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcee978dca7c00a2022-02-14 08:46:01.681root 11241100x80000000000000001749164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03c54e147ff4d452022-02-14 08:46:01.681root 11241100x80000000000000001749165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dab82f0ffe52b5f2022-02-14 08:46:01.681root 11241100x80000000000000001749166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9956722b4cc0946d2022-02-14 08:46:01.681root 11241100x80000000000000001749167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5864c4dbf5b7a56d2022-02-14 08:46:02.180root 11241100x80000000000000001749168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9ff59273eec6ec2022-02-14 08:46:02.180root 11241100x80000000000000001749169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097e3ab620412ec32022-02-14 08:46:02.180root 11241100x80000000000000001749170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b009470911263f862022-02-14 08:46:02.180root 11241100x80000000000000001749171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e337f650857abd72022-02-14 08:46:02.180root 11241100x80000000000000001749172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190cf11b75b67e222022-02-14 08:46:02.180root 11241100x80000000000000001749173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524da15d4879136d2022-02-14 08:46:02.180root 11241100x80000000000000001749174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3ffb8d322140522022-02-14 08:46:02.181root 11241100x80000000000000001749175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cb6ec293ed7b302022-02-14 08:46:02.181root 11241100x80000000000000001749176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82098e34f8649daf2022-02-14 08:46:02.181root 11241100x80000000000000001749177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7aab970174be4ce2022-02-14 08:46:02.181root 11241100x80000000000000001749178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a4abccd4c31a8a2022-02-14 08:46:02.181root 11241100x80000000000000001749179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d1fb5b76fbec832022-02-14 08:46:02.181root 11241100x80000000000000001749180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972ffd8f34853f082022-02-14 08:46:02.680root 11241100x80000000000000001749181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a861ecc5f1820f02022-02-14 08:46:02.680root 11241100x80000000000000001749182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb485a24779f37e92022-02-14 08:46:02.680root 11241100x80000000000000001749183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d113393c0c5a424c2022-02-14 08:46:02.680root 11241100x80000000000000001749184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074622a2b0b708da2022-02-14 08:46:02.680root 11241100x80000000000000001749185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab70a611ad3d3b82022-02-14 08:46:02.680root 11241100x80000000000000001749186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8436cf01b5a18142022-02-14 08:46:02.680root 11241100x80000000000000001749187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943b039eca89e4a52022-02-14 08:46:02.680root 11241100x80000000000000001749188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbe751947e57ad02022-02-14 08:46:02.681root 11241100x80000000000000001749189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5692c8a1f0778ddc2022-02-14 08:46:02.681root 11241100x80000000000000001749190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe40284d1cc5b8c2022-02-14 08:46:02.681root 11241100x80000000000000001749191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b46ae7a55b246f2022-02-14 08:46:02.681root 11241100x80000000000000001749192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2e6d63332966fc2022-02-14 08:46:02.681root 11241100x80000000000000001749193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82e96b77652ff802022-02-14 08:46:03.180root 11241100x80000000000000001749194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e653e05273c4902022-02-14 08:46:03.180root 11241100x80000000000000001749195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247db5d715e81f192022-02-14 08:46:03.180root 11241100x80000000000000001749196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b63106a4a501fa2022-02-14 08:46:03.180root 11241100x80000000000000001749197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acc6607637905b52022-02-14 08:46:03.180root 11241100x80000000000000001749198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e1a947aac5e6792022-02-14 08:46:03.180root 11241100x80000000000000001749199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bc710e73a3b3bf2022-02-14 08:46:03.180root 11241100x80000000000000001749200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318c8b1073cb90082022-02-14 08:46:03.181root 11241100x80000000000000001749201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ca942cb742cf2a2022-02-14 08:46:03.181root 11241100x80000000000000001749202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae975c2bcfc06d72022-02-14 08:46:03.181root 11241100x80000000000000001749203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a14ccc7c825d6a2022-02-14 08:46:03.181root 11241100x80000000000000001749204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcaa16519922b6b2022-02-14 08:46:03.181root 11241100x80000000000000001749205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25111a7ea93cd0102022-02-14 08:46:03.181root 11241100x80000000000000001749206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320a28aa8a7686a02022-02-14 08:46:03.680root 11241100x80000000000000001749207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d4bc733d426cc92022-02-14 08:46:03.680root 11241100x80000000000000001749208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b34b9cad89a8fa72022-02-14 08:46:03.680root 11241100x80000000000000001749209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038bbef01ed51f552022-02-14 08:46:03.680root 11241100x80000000000000001749210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66428c0bd9579152022-02-14 08:46:03.680root 11241100x80000000000000001749211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95104a409610a5fb2022-02-14 08:46:03.680root 11241100x80000000000000001749212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157f40c26f9109192022-02-14 08:46:03.680root 11241100x80000000000000001749213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb05cebbcb0756472022-02-14 08:46:03.681root 11241100x80000000000000001749214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3767fe09136a2d2022-02-14 08:46:03.681root 11241100x80000000000000001749215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d771f4dba6d80692022-02-14 08:46:03.681root 11241100x80000000000000001749216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107fbecd0a7fb18c2022-02-14 08:46:03.681root 11241100x80000000000000001749217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d73e285e1f987932022-02-14 08:46:03.681root 11241100x80000000000000001749218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:03.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55025337ac93fe602022-02-14 08:46:03.681root 11241100x80000000000000001749219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77f278745e9098c2022-02-14 08:46:04.179root 11241100x80000000000000001749220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc59203261595f72022-02-14 08:46:04.180root 11241100x80000000000000001749221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd005b6c639aa7402022-02-14 08:46:04.180root 11241100x80000000000000001749222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981033037e660e342022-02-14 08:46:04.180root 11241100x80000000000000001749223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e17e858a80bae62022-02-14 08:46:04.180root 11241100x80000000000000001749224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a280e4cfd230c83b2022-02-14 08:46:04.180root 11241100x80000000000000001749225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b864b309cabd82e2022-02-14 08:46:04.180root 11241100x80000000000000001749226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304cc4e2f3231be12022-02-14 08:46:04.180root 11241100x80000000000000001749227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78dbde129608186b2022-02-14 08:46:04.180root 11241100x80000000000000001749228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ec64c0a6b87af82022-02-14 08:46:04.180root 11241100x80000000000000001749229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192924a1f2d235bf2022-02-14 08:46:04.181root 11241100x80000000000000001749230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91668d8720623ff12022-02-14 08:46:04.181root 11241100x80000000000000001749231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49db6060c8e4d752022-02-14 08:46:04.181root 11241100x80000000000000001749232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c253c444d78f3ff72022-02-14 08:46:04.680root 11241100x80000000000000001749233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf53c763a747b332022-02-14 08:46:04.680root 11241100x80000000000000001749234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a9ab794cdf1e892022-02-14 08:46:04.680root 11241100x80000000000000001749235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7712999502101c2022-02-14 08:46:04.680root 11241100x80000000000000001749236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65e9079a25b01532022-02-14 08:46:04.680root 11241100x80000000000000001749237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8922b4978a4d9c1d2022-02-14 08:46:04.680root 11241100x80000000000000001749238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93e7ff333d60fa82022-02-14 08:46:04.680root 11241100x80000000000000001749239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be377705adbffbd2022-02-14 08:46:04.681root 11241100x80000000000000001749240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f062c42ddc0dd5032022-02-14 08:46:04.681root 11241100x80000000000000001749241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83e7cdf6d4dd6cb2022-02-14 08:46:04.681root 11241100x80000000000000001749242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a4daf36921ada42022-02-14 08:46:04.681root 11241100x80000000000000001749243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf1afef3d64f5b32022-02-14 08:46:04.681root 11241100x80000000000000001749244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:04.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1f934ab7817c032022-02-14 08:46:04.681root 11241100x80000000000000001749245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55d95f6e45b45892022-02-14 08:46:05.181root 11241100x80000000000000001749246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490da0f931e8fc1b2022-02-14 08:46:05.181root 11241100x80000000000000001749247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9f9195452907032022-02-14 08:46:05.181root 11241100x80000000000000001749248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc623976c0cc4542022-02-14 08:46:05.181root 11241100x80000000000000001749249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fd1e69fdfb086d2022-02-14 08:46:05.181root 11241100x80000000000000001749250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add067904d8dfba22022-02-14 08:46:05.181root 11241100x80000000000000001749251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9455d761016a79a62022-02-14 08:46:05.181root 11241100x80000000000000001749252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac3d8e5196cb0352022-02-14 08:46:05.181root 11241100x80000000000000001749253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fa752de00d38012022-02-14 08:46:05.182root 11241100x80000000000000001749254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e1f1c1df87223b2022-02-14 08:46:05.182root 11241100x80000000000000001749255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d6bf14e1f951682022-02-14 08:46:05.182root 11241100x80000000000000001749256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67f7e6902eacfff2022-02-14 08:46:05.182root 11241100x80000000000000001749257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f5fe93ac7b1ff22022-02-14 08:46:05.182root 11241100x80000000000000001749258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416f9c1715461d4e2022-02-14 08:46:05.680root 11241100x80000000000000001749259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced7b6001a31d4cb2022-02-14 08:46:05.680root 11241100x80000000000000001749260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be4df2022baabd22022-02-14 08:46:05.680root 11241100x80000000000000001749261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddff5ca6bbc1feb2022-02-14 08:46:05.680root 11241100x80000000000000001749262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d69543768727572022-02-14 08:46:05.680root 11241100x80000000000000001749263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e506ac880e8ba0692022-02-14 08:46:05.681root 11241100x80000000000000001749264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad62cb365d8edf82022-02-14 08:46:05.681root 11241100x80000000000000001749265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597182dfa0c3f7232022-02-14 08:46:05.681root 11241100x80000000000000001749266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06858ad47c2b6bf22022-02-14 08:46:05.681root 11241100x80000000000000001749267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e1f83d23e489e92022-02-14 08:46:05.681root 11241100x80000000000000001749268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bec32b20e4700f92022-02-14 08:46:05.681root 11241100x80000000000000001749269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091dff70d148626c2022-02-14 08:46:05.681root 11241100x80000000000000001749270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:05.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b097b0fe24a7ffa22022-02-14 08:46:05.681root 11241100x80000000000000001749271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98c0db9e12248722022-02-14 08:46:06.180root 11241100x80000000000000001749272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d416455a33898e22022-02-14 08:46:06.180root 11241100x80000000000000001749273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967de56a651a04322022-02-14 08:46:06.180root 11241100x80000000000000001749274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064e4fdec52400d32022-02-14 08:46:06.180root 11241100x80000000000000001749275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffadd9095fffdb12022-02-14 08:46:06.180root 11241100x80000000000000001749276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a8002258c506ef2022-02-14 08:46:06.180root 11241100x80000000000000001749277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f438b94c94ddfb662022-02-14 08:46:06.180root 11241100x80000000000000001749278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e815520d1ad710b2022-02-14 08:46:06.181root 11241100x80000000000000001749279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c0b0c57891d8022022-02-14 08:46:06.181root 11241100x80000000000000001749280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb493abf5663cc082022-02-14 08:46:06.181root 11241100x80000000000000001749281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035a538adbe08c262022-02-14 08:46:06.181root 11241100x80000000000000001749282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1f43b84b265c982022-02-14 08:46:06.181root 11241100x80000000000000001749283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52141a5be3b0b9072022-02-14 08:46:06.181root 11241100x80000000000000001749284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6919f0ed510a392022-02-14 08:46:06.680root 11241100x80000000000000001749285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e5da067f3d656f2022-02-14 08:46:06.680root 11241100x80000000000000001749286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8bd14ce1bf79262022-02-14 08:46:06.680root 11241100x80000000000000001749287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0890c43723e8f62022-02-14 08:46:06.680root 11241100x80000000000000001749288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0911cb51897e52a12022-02-14 08:46:06.680root 11241100x80000000000000001749289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74dfaf969c0967302022-02-14 08:46:06.680root 11241100x80000000000000001749290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cea38bdad358d402022-02-14 08:46:06.680root 11241100x80000000000000001749291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26d995e68b16c552022-02-14 08:46:06.681root 11241100x80000000000000001749292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe02a292b0ddf7a2022-02-14 08:46:06.681root 11241100x80000000000000001749293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268e0cbf14d2887d2022-02-14 08:46:06.681root 11241100x80000000000000001749294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a7af7dfc74a9a52022-02-14 08:46:06.681root 11241100x80000000000000001749295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77790e09c521bf82022-02-14 08:46:06.681root 11241100x80000000000000001749296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:06.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e257d6a8e13e332022-02-14 08:46:06.681root 11241100x80000000000000001749297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a6c073acdf6b8e2022-02-14 08:46:07.180root 11241100x80000000000000001749298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9596e98ab1d0252022-02-14 08:46:07.180root 11241100x80000000000000001749299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6d8c5efacfa4db2022-02-14 08:46:07.180root 11241100x80000000000000001749300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca74abc4ad1d73292022-02-14 08:46:07.180root 11241100x80000000000000001749301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5114b47f2edb322022-02-14 08:46:07.180root 11241100x80000000000000001749302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06cfe7184dec6492022-02-14 08:46:07.181root 11241100x80000000000000001749303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee1634024a274a22022-02-14 08:46:07.181root 11241100x80000000000000001749304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1d703f92437f3e2022-02-14 08:46:07.181root 11241100x80000000000000001749305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf85e368dcebf3e62022-02-14 08:46:07.181root 11241100x80000000000000001749306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1481a0502514a1352022-02-14 08:46:07.181root 11241100x80000000000000001749307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58388d17a1b132d02022-02-14 08:46:07.181root 11241100x80000000000000001749308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ad3fdd2c143bf52022-02-14 08:46:07.181root 11241100x80000000000000001749309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f08d5fc50dd65d2022-02-14 08:46:07.181root 354300x80000000000000001749310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.195{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51528-false10.0.1.12-8000- 11241100x80000000000000001749311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd3e406c0472ed32022-02-14 08:46:07.680root 11241100x80000000000000001749312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88740f782521cdc02022-02-14 08:46:07.680root 11241100x80000000000000001749313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2318bdda48af49182022-02-14 08:46:07.680root 11241100x80000000000000001749314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378a4be4f62f52672022-02-14 08:46:07.680root 11241100x80000000000000001749315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26119a40a4b5c01d2022-02-14 08:46:07.680root 11241100x80000000000000001749316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bdeec8a24e46902022-02-14 08:46:07.680root 11241100x80000000000000001749317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cd2f4030d120652022-02-14 08:46:07.681root 11241100x80000000000000001749318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cc453b39bc4ff52022-02-14 08:46:07.681root 11241100x80000000000000001749319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65746faacbfb82052022-02-14 08:46:07.681root 11241100x80000000000000001749320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c488908bc769d522022-02-14 08:46:07.681root 11241100x80000000000000001749321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cef8e4017a66b342022-02-14 08:46:07.681root 11241100x80000000000000001749322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f79fd618f71f1bf2022-02-14 08:46:07.681root 11241100x80000000000000001749323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17036251a8607f612022-02-14 08:46:07.681root 11241100x80000000000000001749324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:07.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566a56f4555706842022-02-14 08:46:07.681root 11241100x80000000000000001749325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47623d23aca4f882022-02-14 08:46:08.180root 11241100x80000000000000001749326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7c05dc647812372022-02-14 08:46:08.180root 11241100x80000000000000001749327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2342cac074af77572022-02-14 08:46:08.180root 11241100x80000000000000001749328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c367648be5da7e2022-02-14 08:46:08.180root 11241100x80000000000000001749329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6157e7ca053c2622022-02-14 08:46:08.180root 11241100x80000000000000001749330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2b5c610f0ed2532022-02-14 08:46:08.180root 11241100x80000000000000001749331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7657cc4dc739d9e2022-02-14 08:46:08.180root 11241100x80000000000000001749332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1ae7345e7ff46f2022-02-14 08:46:08.180root 11241100x80000000000000001749333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88382d91833da8b42022-02-14 08:46:08.181root 11241100x80000000000000001749334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039d278954b65a942022-02-14 08:46:08.181root 11241100x80000000000000001749335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5738531590c2cf2022-02-14 08:46:08.181root 11241100x80000000000000001749336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa07c088a75fcf72022-02-14 08:46:08.181root 11241100x80000000000000001749337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39853b8e403679582022-02-14 08:46:08.181root 11241100x80000000000000001749338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6106098d72a848fc2022-02-14 08:46:08.181root 11241100x80000000000000001749339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ba3a87669067db2022-02-14 08:46:08.680root 11241100x80000000000000001749340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f132c37a00b3312022-02-14 08:46:08.680root 11241100x80000000000000001749341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061edaf58add093e2022-02-14 08:46:08.680root 11241100x80000000000000001749342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0ce1290284b7392022-02-14 08:46:08.680root 11241100x80000000000000001749343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8e5fd89ab04d872022-02-14 08:46:08.680root 11241100x80000000000000001749344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01433d1903c507212022-02-14 08:46:08.680root 11241100x80000000000000001749345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e5c1a86860461b2022-02-14 08:46:08.680root 11241100x80000000000000001749346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1367bc04a456b3e92022-02-14 08:46:08.681root 11241100x80000000000000001749347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75d8776e2f6aaff2022-02-14 08:46:08.681root 11241100x80000000000000001749348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4a1eeb39a15e8a2022-02-14 08:46:08.681root 11241100x80000000000000001749349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0148ccb020d3728c2022-02-14 08:46:08.681root 11241100x80000000000000001749350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d8a3710dc77d462022-02-14 08:46:08.681root 11241100x80000000000000001749351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ddf1da8164354f2022-02-14 08:46:08.681root 11241100x80000000000000001749352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:08.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3382f07c764b272022-02-14 08:46:08.681root 11241100x80000000000000001749353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c28fe287038dd102022-02-14 08:46:09.180root 11241100x80000000000000001749354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e4401db3187ecb2022-02-14 08:46:09.180root 11241100x80000000000000001749355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0cea4fc8ef50ed2022-02-14 08:46:09.180root 11241100x80000000000000001749356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b7b7016c64de2e2022-02-14 08:46:09.180root 11241100x80000000000000001749357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7a5c6c0026b1fa2022-02-14 08:46:09.180root 11241100x80000000000000001749358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f414433cf4c839e2022-02-14 08:46:09.180root 11241100x80000000000000001749359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610cb92f8ff2f2092022-02-14 08:46:09.180root 11241100x80000000000000001749360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3591061b207a6ba12022-02-14 08:46:09.181root 11241100x80000000000000001749361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c2a2c5f28f89ca2022-02-14 08:46:09.181root 11241100x80000000000000001749362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdae7ce0b39ce1c2022-02-14 08:46:09.181root 11241100x80000000000000001749363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80669374656d45532022-02-14 08:46:09.181root 11241100x80000000000000001749364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdff9a0ad25b2032022-02-14 08:46:09.181root 11241100x80000000000000001749365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e463eb425dc24bd32022-02-14 08:46:09.181root 11241100x80000000000000001749366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b07572ba9b45372022-02-14 08:46:09.181root 11241100x80000000000000001749367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d06a2b1f7df3bac2022-02-14 08:46:09.680root 11241100x80000000000000001749368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3993d29e07e61d732022-02-14 08:46:09.680root 11241100x80000000000000001749369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf24435e21f93e62022-02-14 08:46:09.680root 11241100x80000000000000001749370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccea4613d368af82022-02-14 08:46:09.680root 11241100x80000000000000001749371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0118a7bd9cb853c62022-02-14 08:46:09.680root 11241100x80000000000000001749372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fba2141b0027182022-02-14 08:46:09.680root 11241100x80000000000000001749373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28206ebc21e49502022-02-14 08:46:09.680root 11241100x80000000000000001749374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cc31e07ee8a4532022-02-14 08:46:09.681root 11241100x80000000000000001749375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03f89c30e4ddf9e2022-02-14 08:46:09.681root 11241100x80000000000000001749376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd6b887c56a8d3c2022-02-14 08:46:09.681root 11241100x80000000000000001749377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b0273b7521103f2022-02-14 08:46:09.681root 11241100x80000000000000001749378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5c8653095ec6b52022-02-14 08:46:09.681root 11241100x80000000000000001749379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f6e407009e89102022-02-14 08:46:09.681root 11241100x80000000000000001749380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:09.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e63928045bb007a2022-02-14 08:46:09.681root 11241100x80000000000000001749381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41360811aa4a74a42022-02-14 08:46:10.180root 11241100x80000000000000001749382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4e4e062ba780162022-02-14 08:46:10.180root 11241100x80000000000000001749383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce853f21467704212022-02-14 08:46:10.180root 11241100x80000000000000001749384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1309bbcb5423fa2022-02-14 08:46:10.180root 11241100x80000000000000001749385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468d427f4a7e76b12022-02-14 08:46:10.180root 11241100x80000000000000001749386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07aeeda0d05f3f22022-02-14 08:46:10.180root 11241100x80000000000000001749387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1beb5e9762b105c52022-02-14 08:46:10.181root 11241100x80000000000000001749388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8863d8a0000332e2022-02-14 08:46:10.181root 11241100x80000000000000001749389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e49edab0870f102022-02-14 08:46:10.181root 11241100x80000000000000001749390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadbfbc4e10a52e52022-02-14 08:46:10.181root 11241100x80000000000000001749391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31072bbf83c3ff672022-02-14 08:46:10.181root 11241100x80000000000000001749392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caf7437f90e32df2022-02-14 08:46:10.181root 11241100x80000000000000001749393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f58d11b8ba41842022-02-14 08:46:10.181root 11241100x80000000000000001749394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80bd624460a4df12022-02-14 08:46:10.181root 11241100x80000000000000001749395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.212{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-02-14 08:46:10.212root 354300x80000000000000001749396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.224{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-55018-false10.0.1.12-8089- 11241100x80000000000000001749397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98b8df505a5685f2022-02-14 08:46:10.680root 11241100x80000000000000001749398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273b1e1b0fe88dc22022-02-14 08:46:10.680root 11241100x80000000000000001749399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c8c0ae310013792022-02-14 08:46:10.680root 11241100x80000000000000001749400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdf9c03737e5c452022-02-14 08:46:10.680root 11241100x80000000000000001749401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6f32a3f514b5d02022-02-14 08:46:10.680root 11241100x80000000000000001749402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3fda54f326a3592022-02-14 08:46:10.680root 11241100x80000000000000001749403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d477618cb4db223c2022-02-14 08:46:10.681root 11241100x80000000000000001749404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9837146e03d13fe32022-02-14 08:46:10.681root 11241100x80000000000000001749405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7e727b76332bea2022-02-14 08:46:10.681root 11241100x80000000000000001749406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d429fdfbbe8b28a2022-02-14 08:46:10.681root 11241100x80000000000000001749407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6b455056b33c642022-02-14 08:46:10.681root 11241100x80000000000000001749408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f869d4ccf1f13262022-02-14 08:46:10.681root 11241100x80000000000000001749409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309b5ba7fd8949122022-02-14 08:46:10.681root 11241100x80000000000000001749410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc9dec1e78034e72022-02-14 08:46:10.681root 11241100x80000000000000001749411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feeb5a1922a7ea922022-02-14 08:46:10.681root 11241100x80000000000000001749412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:10.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f099ba7d344ee28f2022-02-14 08:46:10.681root 11241100x80000000000000001749413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949b51f73f68c1d22022-02-14 08:46:11.180root 11241100x80000000000000001749414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5dd612727f5c0b2022-02-14 08:46:11.180root 11241100x80000000000000001749415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f96704c9529210c2022-02-14 08:46:11.180root 11241100x80000000000000001749416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e1b726451b0b332022-02-14 08:46:11.180root 11241100x80000000000000001749417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc457528ef452722022-02-14 08:46:11.180root 11241100x80000000000000001749418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c541e71e566c1cd2022-02-14 08:46:11.180root 11241100x80000000000000001749419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b29c15697f19502022-02-14 08:46:11.181root 11241100x80000000000000001749420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e688c4bd5a1e64b92022-02-14 08:46:11.181root 11241100x80000000000000001749421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9fad731ebef7382022-02-14 08:46:11.181root 11241100x80000000000000001749422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f6d27c6d53dfd92022-02-14 08:46:11.181root 11241100x80000000000000001749423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee47224dd4c1f452022-02-14 08:46:11.181root 11241100x80000000000000001749424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed673968132e94c12022-02-14 08:46:11.181root 11241100x80000000000000001749425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c5b6ff207b18992022-02-14 08:46:11.181root 11241100x80000000000000001749426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba21fd8b71d4a49b2022-02-14 08:46:11.181root 11241100x80000000000000001749427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d693648d553ba9462022-02-14 08:46:11.181root 11241100x80000000000000001749428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4333235a846c79612022-02-14 08:46:11.181root 11241100x80000000000000001749429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11a77fd58d1e5e82022-02-14 08:46:11.680root 11241100x80000000000000001749430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf93391e3c742d452022-02-14 08:46:11.680root 11241100x80000000000000001749431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6a499c79edd84b2022-02-14 08:46:11.680root 11241100x80000000000000001749432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013618e3f9458a312022-02-14 08:46:11.680root 11241100x80000000000000001749433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f9b6299c944e072022-02-14 08:46:11.680root 11241100x80000000000000001749434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5efb3b813020e92022-02-14 08:46:11.680root 11241100x80000000000000001749435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13813dcbf0b89e302022-02-14 08:46:11.680root 11241100x80000000000000001749436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e6c64ab347ee792022-02-14 08:46:11.681root 11241100x80000000000000001749437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf5246ed3fd391c2022-02-14 08:46:11.681root 11241100x80000000000000001749438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e888ba67bfba15c2022-02-14 08:46:11.681root 11241100x80000000000000001749439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65d6c7d5c1f60012022-02-14 08:46:11.681root 11241100x80000000000000001749440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0a1b4f9a3c555d2022-02-14 08:46:11.681root 11241100x80000000000000001749441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3497189026b7064c2022-02-14 08:46:11.681root 11241100x80000000000000001749442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155860513e861ccb2022-02-14 08:46:11.681root 11241100x80000000000000001749443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841fe78e11766d4c2022-02-14 08:46:11.681root 11241100x80000000000000001749444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:11.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08420a84f5e8a9642022-02-14 08:46:11.681root 11241100x80000000000000001749445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206a2926e0ceac9b2022-02-14 08:46:12.180root 11241100x80000000000000001749446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e116d83a39c9561f2022-02-14 08:46:12.180root 11241100x80000000000000001749447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52aeb610f29737502022-02-14 08:46:12.180root 11241100x80000000000000001749448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce493fbe8f9d27f2022-02-14 08:46:12.180root 11241100x80000000000000001749449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dca18afad7c47c2022-02-14 08:46:12.180root 11241100x80000000000000001749450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11173cb383a58f12022-02-14 08:46:12.181root 11241100x80000000000000001749451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc0787692d2a43f2022-02-14 08:46:12.181root 11241100x80000000000000001749452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc520c18922d7c512022-02-14 08:46:12.181root 11241100x80000000000000001749453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de01d93fd6300952022-02-14 08:46:12.181root 11241100x80000000000000001749454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c660a8cff0a93d62022-02-14 08:46:12.181root 11241100x80000000000000001749455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6614628e880bdda2022-02-14 08:46:12.181root 11241100x80000000000000001749456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279e8f35c4304c9b2022-02-14 08:46:12.181root 11241100x80000000000000001749457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1634d71b87d942e2022-02-14 08:46:12.181root 11241100x80000000000000001749458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e6c6569b534be02022-02-14 08:46:12.181root 11241100x80000000000000001749459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c6381bef2a95ac2022-02-14 08:46:12.181root 11241100x80000000000000001749460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9650e540ac5691d82022-02-14 08:46:12.181root 11241100x80000000000000001749461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8431b3517d2dcd922022-02-14 08:46:12.680root 11241100x80000000000000001749462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076fbb75928f8f932022-02-14 08:46:12.680root 11241100x80000000000000001749463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af764f67050a75b2022-02-14 08:46:12.680root 11241100x80000000000000001749464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2eb2ab0bc64fb6f2022-02-14 08:46:12.680root 11241100x80000000000000001749465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa16c3e46070b39e2022-02-14 08:46:12.681root 11241100x80000000000000001749466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a2c739f5245e782022-02-14 08:46:12.681root 11241100x80000000000000001749467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9cdfe791af6bc42022-02-14 08:46:12.681root 11241100x80000000000000001749468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2105ec8e5eadd32022-02-14 08:46:12.681root 11241100x80000000000000001749469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2c9b2ebdba8a992022-02-14 08:46:12.681root 11241100x80000000000000001749470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b9391507cd53f82022-02-14 08:46:12.681root 11241100x80000000000000001749471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11686e83d4250d9d2022-02-14 08:46:12.681root 11241100x80000000000000001749472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7788a28a1e4463672022-02-14 08:46:12.681root 11241100x80000000000000001749473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821c5aea5a0d93ae2022-02-14 08:46:12.681root 11241100x80000000000000001749474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb8b521360d1ff82022-02-14 08:46:12.681root 11241100x80000000000000001749475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf885285bbbfa7b2022-02-14 08:46:12.681root 11241100x80000000000000001749476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:12.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac3556d100b9b332022-02-14 08:46:12.681root 354300x80000000000000001749477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.104{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51532-false10.0.1.12-8000- 11241100x80000000000000001749478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ae3e9ebab35a902022-02-14 08:46:13.105root 11241100x80000000000000001749479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e93f63c1b9ec50a2022-02-14 08:46:13.105root 11241100x80000000000000001749480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f95d248ed60db5b2022-02-14 08:46:13.105root 11241100x80000000000000001749481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4e23d1bdcb9da62022-02-14 08:46:13.105root 11241100x80000000000000001749482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4e1770bdd3def42022-02-14 08:46:13.105root 11241100x80000000000000001749483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7fd4c4bb2498ea2022-02-14 08:46:13.105root 11241100x80000000000000001749484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d600cd8a61900a6c2022-02-14 08:46:13.105root 11241100x80000000000000001749485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04327d534ec8e6012022-02-14 08:46:13.105root 11241100x80000000000000001749486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61958416adf62f82022-02-14 08:46:13.106root 11241100x80000000000000001749487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fec947eb605b2812022-02-14 08:46:13.106root 11241100x80000000000000001749488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ceae44f161edb52022-02-14 08:46:13.106root 11241100x80000000000000001749489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67653e21784a1a422022-02-14 08:46:13.106root 11241100x80000000000000001749490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc959f80f118cd8d2022-02-14 08:46:13.106root 11241100x80000000000000001749491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4517f718e920885a2022-02-14 08:46:13.106root 11241100x80000000000000001749492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80d945f1585362b2022-02-14 08:46:13.106root 11241100x80000000000000001749493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0ccd757f52426f2022-02-14 08:46:13.106root 11241100x80000000000000001749494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dce26e29e64bcd2022-02-14 08:46:13.106root 11241100x80000000000000001749495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db6db91ef4e4e862022-02-14 08:46:13.106root 11241100x80000000000000001749496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e4365313b9e77f2022-02-14 08:46:13.106root 154100x80000000000000001749497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.201{ec2ab09f-16d5-620a-e8e6-186c6f550000}2027/bin/ls-----ls --color=auto -l/tmpubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{ec2ab09f-1691-620a-0814-31b1c5550000}2004/bin/bash-bashubuntu 534500x80000000000000001749498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.203{ec2ab09f-16d5-620a-e8e6-186c6f550000}2027/bin/lsubuntu 23542300x80000000000000001749499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.213{ec2ab09f-1002-620a-3078-922c7d550000}1328root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000001749500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9699fd3d6cbbba2022-02-14 08:46:13.429root 11241100x80000000000000001749501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b7a25d4c85c5f92022-02-14 08:46:13.430root 11241100x80000000000000001749502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb44edac7bc5fb152022-02-14 08:46:13.430root 11241100x80000000000000001749503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b4c4002616da092022-02-14 08:46:13.430root 11241100x80000000000000001749504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500d5a7658b1883c2022-02-14 08:46:13.430root 11241100x80000000000000001749505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e4a4000fb3c1e92022-02-14 08:46:13.430root 11241100x80000000000000001749506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dc804890508dc62022-02-14 08:46:13.430root 11241100x80000000000000001749507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0882b9532f3bd4f82022-02-14 08:46:13.430root 11241100x80000000000000001749508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b69836202668ab92022-02-14 08:46:13.430root 11241100x80000000000000001749509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87fb05c3ed8f2cc2022-02-14 08:46:13.430root 11241100x80000000000000001749510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4258f8e42834352022-02-14 08:46:13.430root 11241100x80000000000000001749511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86966224769940c2022-02-14 08:46:13.431root 11241100x80000000000000001749512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5490e663cff89cca2022-02-14 08:46:13.431root 11241100x80000000000000001749513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24426b1d1507c3a72022-02-14 08:46:13.431root 11241100x80000000000000001749514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88fc0a34f4b55bb2022-02-14 08:46:13.431root 11241100x80000000000000001749515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbe931e938bd3ed2022-02-14 08:46:13.431root 11241100x80000000000000001749516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1645e7ad2ea2b6052022-02-14 08:46:13.431root 11241100x80000000000000001749517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d1216a6f1f87612022-02-14 08:46:13.431root 11241100x80000000000000001749518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe1391c9c79ff7a2022-02-14 08:46:13.432root 11241100x80000000000000001749519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf201135ac15c772022-02-14 08:46:13.432root 11241100x80000000000000001749520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8b15792185c3f22022-02-14 08:46:13.432root 11241100x80000000000000001749521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee30daffe555baf2022-02-14 08:46:13.930root 11241100x80000000000000001749522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c1bf42370134b92022-02-14 08:46:13.930root 11241100x80000000000000001749523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c641208938258dd72022-02-14 08:46:13.930root 11241100x80000000000000001749524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2797a57c7a64f69c2022-02-14 08:46:13.930root 11241100x80000000000000001749525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0687371377071b262022-02-14 08:46:13.931root 11241100x80000000000000001749526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8102cc3be2a8a0242022-02-14 08:46:13.931root 11241100x80000000000000001749527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559fdc385726589f2022-02-14 08:46:13.931root 11241100x80000000000000001749528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc914a411b1a6832022-02-14 08:46:13.931root 11241100x80000000000000001749529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14561ad3378a3322022-02-14 08:46:13.931root 11241100x80000000000000001749530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83278823ff230c3e2022-02-14 08:46:13.931root 11241100x80000000000000001749531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f87d7cfd5e1a6d2022-02-14 08:46:13.931root 11241100x80000000000000001749532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dc512b9a9e99962022-02-14 08:46:13.931root 11241100x80000000000000001749533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b308cef082caeae72022-02-14 08:46:13.931root 11241100x80000000000000001749534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9d2bc6d79633ec2022-02-14 08:46:13.931root 11241100x80000000000000001749535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cbec659bc7f7982022-02-14 08:46:13.931root 11241100x80000000000000001749536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d192a54877ed057d2022-02-14 08:46:13.931root 11241100x80000000000000001749537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634cbfdb9ef658062022-02-14 08:46:13.931root 11241100x80000000000000001749538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70853fbd25dd65ba2022-02-14 08:46:13.931root 11241100x80000000000000001749539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0435394effc267db2022-02-14 08:46:13.932root 11241100x80000000000000001749540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:13.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c2ab110393e8402022-02-14 08:46:13.932root 11241100x80000000000000001749541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cc864f3877aa162022-02-14 08:46:14.430root 11241100x80000000000000001749542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f04cad46d7c74842022-02-14 08:46:14.430root 11241100x80000000000000001749543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f13a67b3294e6dc2022-02-14 08:46:14.430root 11241100x80000000000000001749544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf199a5af104b8a22022-02-14 08:46:14.431root 11241100x80000000000000001749545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e1152f4b0406b72022-02-14 08:46:14.431root 11241100x80000000000000001749546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bfff10007140b92022-02-14 08:46:14.431root 11241100x80000000000000001749547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b51b73c5118341d2022-02-14 08:46:14.431root 11241100x80000000000000001749548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cc914e0b521f802022-02-14 08:46:14.431root 11241100x80000000000000001749549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ece3d1b38acfccf2022-02-14 08:46:14.431root 11241100x80000000000000001749550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89521f2e40240152022-02-14 08:46:14.431root 11241100x80000000000000001749551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bee982af86ceffb2022-02-14 08:46:14.431root 11241100x80000000000000001749552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be452121f16f4a02022-02-14 08:46:14.431root 11241100x80000000000000001749553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102b1fb9523898112022-02-14 08:46:14.431root 11241100x80000000000000001749554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e8522667fda8482022-02-14 08:46:14.431root 11241100x80000000000000001749555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d725896e0e3083182022-02-14 08:46:14.431root 11241100x80000000000000001749556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04c866f85cc585a2022-02-14 08:46:14.431root 11241100x80000000000000001749557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac469ef83eb33af2022-02-14 08:46:14.432root 11241100x80000000000000001749558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c62bfcce2d329282022-02-14 08:46:14.432root 11241100x80000000000000001749559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc01232a80dd67f2022-02-14 08:46:14.432root 11241100x80000000000000001749560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3e13be4fe63d9b2022-02-14 08:46:14.432root 11241100x80000000000000001749561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349ad439508db6d52022-02-14 08:46:14.930root 11241100x80000000000000001749562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171ddfd0897b3f362022-02-14 08:46:14.930root 11241100x80000000000000001749563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ae3c33dde4af0a2022-02-14 08:46:14.930root 11241100x80000000000000001749564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15665254bc2398fc2022-02-14 08:46:14.931root 11241100x80000000000000001749565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027fb1b84c6f667b2022-02-14 08:46:14.931root 11241100x80000000000000001749566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac970c8e8e18002a2022-02-14 08:46:14.931root 11241100x80000000000000001749567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049876cd370dcaf92022-02-14 08:46:14.931root 11241100x80000000000000001749568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f1d2a9620334662022-02-14 08:46:14.931root 11241100x80000000000000001749569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88686232ab0fc0b22022-02-14 08:46:14.931root 11241100x80000000000000001749570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880b959cfbc3120f2022-02-14 08:46:14.931root 11241100x80000000000000001749571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a501e8daff52bb92022-02-14 08:46:14.931root 11241100x80000000000000001749572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ca78f51fe582d82022-02-14 08:46:14.931root 11241100x80000000000000001749573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dd14d9d60bdc8b2022-02-14 08:46:14.931root 11241100x80000000000000001749574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52403d57130418e2022-02-14 08:46:14.931root 11241100x80000000000000001749575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b7377e8ecf1d8c2022-02-14 08:46:14.931root 11241100x80000000000000001749576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0e936befdaf22d2022-02-14 08:46:14.931root 11241100x80000000000000001749577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8195d468d73e6602022-02-14 08:46:14.931root 11241100x80000000000000001749578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de643236ee2413852022-02-14 08:46:14.931root 11241100x80000000000000001749579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbea1a92e693d9322022-02-14 08:46:14.932root 11241100x80000000000000001749580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:14.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc0636a66ef24712022-02-14 08:46:14.932root 11241100x80000000000000001749581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066f612ab13e77dd2022-02-14 08:46:15.430root 11241100x80000000000000001749582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e627c7657c245c2022-02-14 08:46:15.430root 11241100x80000000000000001749583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28521cc1609ffe262022-02-14 08:46:15.430root 11241100x80000000000000001749584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25986965758692aa2022-02-14 08:46:15.430root 11241100x80000000000000001749585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c65efdc0fd9f3302022-02-14 08:46:15.430root 11241100x80000000000000001749586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0bc77cfe87a0512022-02-14 08:46:15.431root 11241100x80000000000000001749587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23560fd1b45e242e2022-02-14 08:46:15.431root 11241100x80000000000000001749588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86ff236762963022022-02-14 08:46:15.431root 11241100x80000000000000001749589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e56896121aa08ae2022-02-14 08:46:15.431root 11241100x80000000000000001749590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1da8d659abde4f2022-02-14 08:46:15.431root 11241100x80000000000000001749591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2bdfa2a9c396042022-02-14 08:46:15.432root 11241100x80000000000000001749592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef776e0098aac2a2022-02-14 08:46:15.432root 11241100x80000000000000001749593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c8d45e3a7a99312022-02-14 08:46:15.432root 11241100x80000000000000001749594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5222191bddf5952022-02-14 08:46:15.432root 11241100x80000000000000001749595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77a4aed3c2b2d202022-02-14 08:46:15.432root 11241100x80000000000000001749596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88ddc2c711eb7a52022-02-14 08:46:15.432root 11241100x80000000000000001749597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ffff41f5bf94cb2022-02-14 08:46:15.433root 11241100x80000000000000001749598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a671b302d025da32022-02-14 08:46:15.433root 11241100x80000000000000001749599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d3388402a2bacf2022-02-14 08:46:15.433root 11241100x80000000000000001749600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfff703dcf6a63b42022-02-14 08:46:15.433root 11241100x80000000000000001749601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acfcaff422e9fe42022-02-14 08:46:15.433root 11241100x80000000000000001749602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b1644acadce2232022-02-14 08:46:15.930root 11241100x80000000000000001749603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b38f2521457ad12022-02-14 08:46:15.930root 11241100x80000000000000001749604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0a32eafdc112022022-02-14 08:46:15.930root 11241100x80000000000000001749605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59184d9f76c3ad712022-02-14 08:46:15.931root 11241100x80000000000000001749606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c7145b536c38e22022-02-14 08:46:15.931root 11241100x80000000000000001749607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ce1a40d96b3aa12022-02-14 08:46:15.931root 11241100x80000000000000001749608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152d8903b99d3c892022-02-14 08:46:15.931root 11241100x80000000000000001749609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203cb5aa79cd0ec92022-02-14 08:46:15.931root 11241100x80000000000000001749610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab30ca4017282942022-02-14 08:46:15.931root 11241100x80000000000000001749611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4917e34e9c79a252022-02-14 08:46:15.931root 11241100x80000000000000001749612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5d5c2da0e88f7f2022-02-14 08:46:15.932root 11241100x80000000000000001749613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f727fbfda343d0bb2022-02-14 08:46:15.932root 11241100x80000000000000001749614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915280692bf1f8822022-02-14 08:46:15.932root 11241100x80000000000000001749615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8e0208b57bdeda2022-02-14 08:46:15.932root 11241100x80000000000000001749616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd291a302ccae362022-02-14 08:46:15.932root 11241100x80000000000000001749617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051b09dde2c6debc2022-02-14 08:46:15.932root 11241100x80000000000000001749618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9663d8bbe6f77c7e2022-02-14 08:46:15.933root 11241100x80000000000000001749619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec505ef62cb99c6c2022-02-14 08:46:15.933root 11241100x80000000000000001749620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8d781670db26732022-02-14 08:46:15.933root 11241100x80000000000000001749621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:15.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f47e9313ea298e2022-02-14 08:46:15.933root 11241100x80000000000000001749622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e28ec33dbfeebde2022-02-14 08:46:16.430root 11241100x80000000000000001749623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90a9d4187ef66b12022-02-14 08:46:16.430root 11241100x80000000000000001749624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee768adbdd512672022-02-14 08:46:16.431root 11241100x80000000000000001749625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cf0c6b535672922022-02-14 08:46:16.431root 11241100x80000000000000001749626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c38283083115d32022-02-14 08:46:16.431root 11241100x80000000000000001749627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45283b2e2aa45db52022-02-14 08:46:16.431root 11241100x80000000000000001749628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c4d940ef3343a32022-02-14 08:46:16.431root 11241100x80000000000000001749629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda719652332eafb2022-02-14 08:46:16.431root 11241100x80000000000000001749630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc393b656ea387652022-02-14 08:46:16.431root 11241100x80000000000000001749631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdca180a168f4ed2022-02-14 08:46:16.431root 11241100x80000000000000001749632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48b17b08a447a222022-02-14 08:46:16.431root 11241100x80000000000000001749633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36002d86828fbd72022-02-14 08:46:16.431root 11241100x80000000000000001749634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65c59e7b99b38422022-02-14 08:46:16.431root 11241100x80000000000000001749635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6565dec54f9dc81d2022-02-14 08:46:16.431root 11241100x80000000000000001749636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8844c259ed0a99c62022-02-14 08:46:16.431root 11241100x80000000000000001749637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd9b0b0970137812022-02-14 08:46:16.431root 11241100x80000000000000001749638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7281e8edf0acdf272022-02-14 08:46:16.431root 11241100x80000000000000001749639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa70f4ac0202da432022-02-14 08:46:16.432root 11241100x80000000000000001749640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e916fa7270fca8b2022-02-14 08:46:16.432root 11241100x80000000000000001749641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d959dfa238d30dc2022-02-14 08:46:16.432root 11241100x80000000000000001749642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e224f2a7a35ae62022-02-14 08:46:16.930root 11241100x80000000000000001749643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83ca4fd3b03e9d32022-02-14 08:46:16.930root 11241100x80000000000000001749644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335c90e09130e90d2022-02-14 08:46:16.930root 11241100x80000000000000001749645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11578dfb52f403fb2022-02-14 08:46:16.931root 11241100x80000000000000001749646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b2bd9f33b4755b2022-02-14 08:46:16.931root 11241100x80000000000000001749647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43051384f3f8ec0a2022-02-14 08:46:16.931root 11241100x80000000000000001749648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb9e01e898be27f2022-02-14 08:46:16.931root 11241100x80000000000000001749649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59a27286e087e372022-02-14 08:46:16.931root 11241100x80000000000000001749650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee16e606933958d02022-02-14 08:46:16.931root 11241100x80000000000000001749651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7ffa2a22795fc72022-02-14 08:46:16.931root 11241100x80000000000000001749652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bf1d2aacfe3c4b2022-02-14 08:46:16.931root 11241100x80000000000000001749653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cab80d2253dc9c2022-02-14 08:46:16.931root 11241100x80000000000000001749654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e988b99c5ba8c9ac2022-02-14 08:46:16.931root 11241100x80000000000000001749655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bb63ef85a1c8782022-02-14 08:46:16.931root 11241100x80000000000000001749656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf93dced5f5d7a52022-02-14 08:46:16.933root 11241100x80000000000000001749657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e0e0d730d0f3fd2022-02-14 08:46:16.933root 11241100x80000000000000001749658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86770692421653092022-02-14 08:46:16.933root 11241100x80000000000000001749659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac55c5e5b9757db82022-02-14 08:46:16.933root 11241100x80000000000000001749660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d51c4ca7278da3c2022-02-14 08:46:16.933root 11241100x80000000000000001749661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:16.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67122a03861d95242022-02-14 08:46:16.933root 11241100x80000000000000001749662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75430875c25a033f2022-02-14 08:46:17.430root 11241100x80000000000000001749663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb06a135f375b58b2022-02-14 08:46:17.430root 11241100x80000000000000001749664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94af1c8dc5f611fc2022-02-14 08:46:17.430root 11241100x80000000000000001749665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1783f34e71042ea82022-02-14 08:46:17.431root 11241100x80000000000000001749666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11c4c4200c5d9832022-02-14 08:46:17.431root 11241100x80000000000000001749667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4645e40ae9028dc52022-02-14 08:46:17.431root 11241100x80000000000000001749668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d252c6f550ebb8b02022-02-14 08:46:17.431root 11241100x80000000000000001749669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5a72a48058c9a32022-02-14 08:46:17.431root 11241100x80000000000000001749670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca919b79f1285402022-02-14 08:46:17.431root 11241100x80000000000000001749671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef28e64fa3f96ae12022-02-14 08:46:17.431root 11241100x80000000000000001749672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e366abf4809aa8c22022-02-14 08:46:17.431root 11241100x80000000000000001749673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1745f20aa42aa42022-02-14 08:46:17.431root 11241100x80000000000000001749674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406dd267328de8bb2022-02-14 08:46:17.431root 11241100x80000000000000001749675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21065a9d0c4744622022-02-14 08:46:17.431root 11241100x80000000000000001749676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c30c2319e5a152c2022-02-14 08:46:17.432root 11241100x80000000000000001749677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bf2c7c564ebfa22022-02-14 08:46:17.432root 11241100x80000000000000001749678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1234870ece52a442022-02-14 08:46:17.432root 11241100x80000000000000001749679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d2165efd9a9ad82022-02-14 08:46:17.432root 11241100x80000000000000001749680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d01cef37ecb0462022-02-14 08:46:17.432root 11241100x80000000000000001749681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37e0c43b87786c82022-02-14 08:46:17.432root 11241100x80000000000000001749682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e60025e1c2618082022-02-14 08:46:17.930root 11241100x80000000000000001749683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b157e7adb63af92022-02-14 08:46:17.931root 11241100x80000000000000001749684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6f292d1f46b9702022-02-14 08:46:17.931root 11241100x80000000000000001749685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85a5dcae970fbd12022-02-14 08:46:17.931root 11241100x80000000000000001749686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eeeb3105293b0592022-02-14 08:46:17.931root 11241100x80000000000000001749687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1622f6d6fc33f9712022-02-14 08:46:17.931root 11241100x80000000000000001749688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f449dae79c09a52022-02-14 08:46:17.931root 11241100x80000000000000001749689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fd9ace776b89cb2022-02-14 08:46:17.931root 11241100x80000000000000001749690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb32f80eac2e6572022-02-14 08:46:17.931root 11241100x80000000000000001749691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e47f08a359dbfb2022-02-14 08:46:17.931root 11241100x80000000000000001749692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a099da3a9e0d40312022-02-14 08:46:17.931root 11241100x80000000000000001749693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1435bcbd98ef8182022-02-14 08:46:17.931root 11241100x80000000000000001749694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682594298c91a66c2022-02-14 08:46:17.931root 11241100x80000000000000001749695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859de8f4cfc926542022-02-14 08:46:17.932root 11241100x80000000000000001749696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805bfd820c93776a2022-02-14 08:46:17.932root 11241100x80000000000000001749697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f73cd51004bd002022-02-14 08:46:17.932root 11241100x80000000000000001749698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786b7e3ece361ed82022-02-14 08:46:17.932root 11241100x80000000000000001749699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2dadeea72bc1262022-02-14 08:46:17.932root 11241100x80000000000000001749700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a69ad11b254bd12022-02-14 08:46:17.932root 11241100x80000000000000001749701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:17.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e91e0adc39197902022-02-14 08:46:17.932root 11241100x80000000000000001749702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b58f71f1a8f1982022-02-14 08:46:18.430root 11241100x80000000000000001749703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10cb68a7feafe7d2022-02-14 08:46:18.430root 11241100x80000000000000001749704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff39fdec8d91df482022-02-14 08:46:18.430root 11241100x80000000000000001749705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29520ad7c9919ef2022-02-14 08:46:18.431root 11241100x80000000000000001749706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e79fb301a37fd4e2022-02-14 08:46:18.431root 11241100x80000000000000001749707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0247c923069cd92d2022-02-14 08:46:18.431root 11241100x80000000000000001749708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd75bd64a6a4de92022-02-14 08:46:18.431root 11241100x80000000000000001749709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514e708bb590f32a2022-02-14 08:46:18.431root 11241100x80000000000000001749710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cce8aeac6985e82022-02-14 08:46:18.431root 11241100x80000000000000001749711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839af3ab471cdbbd2022-02-14 08:46:18.431root 11241100x80000000000000001749712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a32e33413aa1842022-02-14 08:46:18.431root 11241100x80000000000000001749713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b64099101f69c32022-02-14 08:46:18.431root 11241100x80000000000000001749714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b48c7669aa0dd642022-02-14 08:46:18.431root 11241100x80000000000000001749715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bbe4ccaace32a52022-02-14 08:46:18.431root 11241100x80000000000000001749716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f9c12e96d044ca2022-02-14 08:46:18.431root 11241100x80000000000000001749717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e0297f456bb2c32022-02-14 08:46:18.431root 11241100x80000000000000001749718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d237f522f8ff85122022-02-14 08:46:18.431root 11241100x80000000000000001749719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bd463f3fe0f7702022-02-14 08:46:18.431root 11241100x80000000000000001749720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca68f3e0ef92b872022-02-14 08:46:18.431root 11241100x80000000000000001749721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a291fed6be2c992022-02-14 08:46:18.432root 11241100x80000000000000001749722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d19ee389e8308ef2022-02-14 08:46:18.930root 11241100x80000000000000001749723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022062e14736df832022-02-14 08:46:18.930root 11241100x80000000000000001749724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ad944aef798b182022-02-14 08:46:18.930root 11241100x80000000000000001749725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46212ea3f1e4ee3d2022-02-14 08:46:18.931root 11241100x80000000000000001749726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd5df367029d1642022-02-14 08:46:18.931root 11241100x80000000000000001749727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9f7365707c1c762022-02-14 08:46:18.931root 11241100x80000000000000001749728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f687765c46416c972022-02-14 08:46:18.931root 11241100x80000000000000001749729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c34372e6c20ac02022-02-14 08:46:18.931root 11241100x80000000000000001749730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f462a5c38e378e2a2022-02-14 08:46:18.931root 11241100x80000000000000001749731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01631ad7ad1a48b92022-02-14 08:46:18.931root 11241100x80000000000000001749732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517c4e80717aedc02022-02-14 08:46:18.931root 11241100x80000000000000001749733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4dc041564e819f2022-02-14 08:46:18.931root 11241100x80000000000000001749734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcc8861ff7ffafd2022-02-14 08:46:18.931root 11241100x80000000000000001749735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266d0f6f0cfe6baa2022-02-14 08:46:18.931root 11241100x80000000000000001749736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff8198b0f3385042022-02-14 08:46:18.931root 11241100x80000000000000001749737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380bce5c2f7835542022-02-14 08:46:18.931root 11241100x80000000000000001749738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cb8fb9a2fde6972022-02-14 08:46:18.931root 11241100x80000000000000001749739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e95aa5a9c45bd952022-02-14 08:46:18.931root 11241100x80000000000000001749740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dffaaf2769fcdd02022-02-14 08:46:18.931root 11241100x80000000000000001749741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:18.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39939347c77ee0f2022-02-14 08:46:18.932root 354300x80000000000000001749742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.045{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51534-false10.0.1.12-8000- 11241100x80000000000000001749743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803a90cbaf0b687b2022-02-14 08:46:19.430root 11241100x80000000000000001749744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7219df44273602712022-02-14 08:46:19.430root 11241100x80000000000000001749745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4fae08c369decd2022-02-14 08:46:19.430root 11241100x80000000000000001749746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da3ac1cafab342d2022-02-14 08:46:19.431root 11241100x80000000000000001749747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb676575c8d897e62022-02-14 08:46:19.431root 11241100x80000000000000001749748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0367f1e5f0b50d2022-02-14 08:46:19.431root 11241100x80000000000000001749749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1116f0cd23749c2a2022-02-14 08:46:19.431root 11241100x80000000000000001749750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4005497b47a8e42022-02-14 08:46:19.431root 11241100x80000000000000001749751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8118e9f559b98b82022-02-14 08:46:19.431root 11241100x80000000000000001749752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf39ab29decb59f2022-02-14 08:46:19.431root 11241100x80000000000000001749753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f7f7c81b3aff6b2022-02-14 08:46:19.431root 11241100x80000000000000001749754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33891806a9110fd72022-02-14 08:46:19.431root 11241100x80000000000000001749755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274bfeda90b4733e2022-02-14 08:46:19.431root 11241100x80000000000000001749756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d1f91112a86a312022-02-14 08:46:19.431root 11241100x80000000000000001749757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda9f885fe7047322022-02-14 08:46:19.431root 11241100x80000000000000001749758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed17aba2633231d2022-02-14 08:46:19.431root 11241100x80000000000000001749759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24bad0e6c63ed5c2022-02-14 08:46:19.431root 11241100x80000000000000001749760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dbcc4c362cf0882022-02-14 08:46:19.431root 11241100x80000000000000001749761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bff91366d8624c72022-02-14 08:46:19.432root 11241100x80000000000000001749762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7820ee6a88870fb42022-02-14 08:46:19.432root 11241100x80000000000000001749763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2bb7b4254f0a3a2022-02-14 08:46:19.432root 11241100x80000000000000001749764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f360d7b3061ae252022-02-14 08:46:19.930root 11241100x80000000000000001749765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11602b24947397732022-02-14 08:46:19.930root 11241100x80000000000000001749766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ab080984219d372022-02-14 08:46:19.931root 11241100x80000000000000001749767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f96bc975b40da92022-02-14 08:46:19.931root 11241100x80000000000000001749768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d3a883f90f08052022-02-14 08:46:19.931root 11241100x80000000000000001749769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1925cc59a9494e92022-02-14 08:46:19.931root 11241100x80000000000000001749770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21611baf120b67ba2022-02-14 08:46:19.931root 11241100x80000000000000001749771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b096a5aa5cf8e52022-02-14 08:46:19.931root 11241100x80000000000000001749772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac158bc4627a6fe2022-02-14 08:46:19.931root 11241100x80000000000000001749773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81363e6fdd41ac652022-02-14 08:46:19.931root 11241100x80000000000000001749774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff5ece89af7c87a2022-02-14 08:46:19.931root 11241100x80000000000000001749775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96697b2a36946fb92022-02-14 08:46:19.931root 11241100x80000000000000001749776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769acb17976646d72022-02-14 08:46:19.931root 11241100x80000000000000001749777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483a6f5e355449892022-02-14 08:46:19.932root 11241100x80000000000000001749778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3b0a332d8f67522022-02-14 08:46:19.932root 11241100x80000000000000001749779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8868392a3409002022-02-14 08:46:19.932root 11241100x80000000000000001749780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d42bca47ce09e92022-02-14 08:46:19.932root 11241100x80000000000000001749781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ffdc85ba7996b42022-02-14 08:46:19.932root 11241100x80000000000000001749782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b56f87071fc91d92022-02-14 08:46:19.932root 11241100x80000000000000001749783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa35bf33cc59b9612022-02-14 08:46:19.932root 11241100x80000000000000001749784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:19.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc61e9a31fbd0c12022-02-14 08:46:19.932root 11241100x80000000000000001749785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9d42b98ac22a1e2022-02-14 08:46:20.430root 11241100x80000000000000001749786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22634d9a5e78c1d2022-02-14 08:46:20.430root 11241100x80000000000000001749787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d0419d8a9f38992022-02-14 08:46:20.431root 11241100x80000000000000001749788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3ac29d3f8e70aa2022-02-14 08:46:20.431root 11241100x80000000000000001749789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed320f211bd2b95e2022-02-14 08:46:20.431root 11241100x80000000000000001749790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43698779686e5d6d2022-02-14 08:46:20.431root 11241100x80000000000000001749791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3214ec45a431e7a92022-02-14 08:46:20.431root 11241100x80000000000000001749792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6047343367ee3f32022-02-14 08:46:20.431root 11241100x80000000000000001749793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59800433a7f41a432022-02-14 08:46:20.431root 11241100x80000000000000001749794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c19fd10fc4e0f72022-02-14 08:46:20.431root 11241100x80000000000000001749795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf203284a514e6a62022-02-14 08:46:20.431root 11241100x80000000000000001749796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1dc87d2d5bdaa72022-02-14 08:46:20.431root 11241100x80000000000000001749797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29022a4c6fbb09b2022-02-14 08:46:20.431root 11241100x80000000000000001749798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a446f7a783266962022-02-14 08:46:20.431root 11241100x80000000000000001749799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd4a98c5101d38d2022-02-14 08:46:20.431root 11241100x80000000000000001749800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f750d23840474f2022-02-14 08:46:20.431root 11241100x80000000000000001749801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b57731e104b928f2022-02-14 08:46:20.432root 11241100x80000000000000001749802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87688b532fa591372022-02-14 08:46:20.432root 11241100x80000000000000001749803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa947b6eb4d88902022-02-14 08:46:20.432root 11241100x80000000000000001749804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90541bc0a8994b12022-02-14 08:46:20.432root 11241100x80000000000000001749805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c6a51fe942bc192022-02-14 08:46:20.432root 11241100x80000000000000001749806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220f88e8589021982022-02-14 08:46:20.930root 11241100x80000000000000001749807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d008ef2f8c235a22022-02-14 08:46:20.930root 11241100x80000000000000001749808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d98b23b896c4f52022-02-14 08:46:20.931root 11241100x80000000000000001749809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc2cb402bb4f7f52022-02-14 08:46:20.931root 11241100x80000000000000001749810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866199ceea88ba6f2022-02-14 08:46:20.931root 11241100x80000000000000001749811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db15ab76f5d2cfd02022-02-14 08:46:20.931root 11241100x80000000000000001749812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2e82887696f3602022-02-14 08:46:20.931root 11241100x80000000000000001749813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e5c580411521b02022-02-14 08:46:20.931root 11241100x80000000000000001749814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb17dcde75f34712022-02-14 08:46:20.931root 11241100x80000000000000001749815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558b856bf9cea8a12022-02-14 08:46:20.931root 11241100x80000000000000001749816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9412d72c12ce74c72022-02-14 08:46:20.931root 11241100x80000000000000001749817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9ff9440a353fba2022-02-14 08:46:20.931root 11241100x80000000000000001749818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc02b238bc0d72072022-02-14 08:46:20.931root 11241100x80000000000000001749819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086d2091ce9abc0d2022-02-14 08:46:20.932root 11241100x80000000000000001749820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1738cf12ea1118e02022-02-14 08:46:20.932root 11241100x80000000000000001749821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0cfae6eddb8b972022-02-14 08:46:20.932root 11241100x80000000000000001749822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d732b52eaf1e9b2022-02-14 08:46:20.932root 11241100x80000000000000001749823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f295931981317432022-02-14 08:46:20.932root 11241100x80000000000000001749824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86363956d26610bb2022-02-14 08:46:20.932root 11241100x80000000000000001749825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623e73a4ba0516d22022-02-14 08:46:20.932root 11241100x80000000000000001749826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:20.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba63fefa256930e42022-02-14 08:46:20.932root 11241100x80000000000000001749827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fec9e36ffdabe312022-02-14 08:46:21.429root 11241100x80000000000000001749828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b12c3ed65cf6fc2022-02-14 08:46:21.430root 11241100x80000000000000001749829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c711105d0736afe2022-02-14 08:46:21.430root 11241100x80000000000000001749830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb78b12fe5bfd652022-02-14 08:46:21.430root 11241100x80000000000000001749831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61874edc9a8f118c2022-02-14 08:46:21.430root 11241100x80000000000000001749832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607aea7d64a864b42022-02-14 08:46:21.430root 11241100x80000000000000001749833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d962c27692043212022-02-14 08:46:21.430root 11241100x80000000000000001749834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747074b542b9ea2e2022-02-14 08:46:21.430root 11241100x80000000000000001749835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598907620bc3cdee2022-02-14 08:46:21.430root 11241100x80000000000000001749836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22561ee88b9931412022-02-14 08:46:21.430root 11241100x80000000000000001749837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ce9af9af78fe8e2022-02-14 08:46:21.430root 11241100x80000000000000001749838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7f299fe9487c502022-02-14 08:46:21.431root 11241100x80000000000000001749839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67def2093448492f2022-02-14 08:46:21.431root 11241100x80000000000000001749840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906e95cd489dc5322022-02-14 08:46:21.431root 11241100x80000000000000001749841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4de117c3096abe02022-02-14 08:46:21.431root 11241100x80000000000000001749842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4a749b5f1ee8b02022-02-14 08:46:21.431root 11241100x80000000000000001749843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ad6ff76a4b43ed2022-02-14 08:46:21.431root 11241100x80000000000000001749844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c525786406771222022-02-14 08:46:21.431root 11241100x80000000000000001749845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd5a1c1e7e93e432022-02-14 08:46:21.431root 11241100x80000000000000001749846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d3448d1a0671a92022-02-14 08:46:21.431root 11241100x80000000000000001749847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a16d7b5a3014ad2022-02-14 08:46:21.431root 11241100x80000000000000001749848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1ef3c6dafd0bce2022-02-14 08:46:21.432root 11241100x80000000000000001749849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a81d624b549b2d72022-02-14 08:46:21.432root 11241100x80000000000000001749850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac238eaf56d832ce2022-02-14 08:46:21.432root 11241100x80000000000000001749851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa442bdca50648e2022-02-14 08:46:21.432root 11241100x80000000000000001749852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984c739850dc58432022-02-14 08:46:21.432root 11241100x80000000000000001749853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96a7c38e37374132022-02-14 08:46:21.930root 11241100x80000000000000001749854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2675cb04121eb8472022-02-14 08:46:21.931root 11241100x80000000000000001749855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473ebd75247649fb2022-02-14 08:46:21.931root 11241100x80000000000000001749856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35605ad0328327702022-02-14 08:46:21.931root 11241100x80000000000000001749857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a43591dd74410e2022-02-14 08:46:21.931root 11241100x80000000000000001749858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d75c2b73eba8d52022-02-14 08:46:21.931root 11241100x80000000000000001749859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8858fae127d0e1a52022-02-14 08:46:21.931root 11241100x80000000000000001749860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0097d4c41826b72022-02-14 08:46:21.932root 11241100x80000000000000001749861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd240d24c5e42242022-02-14 08:46:21.932root 11241100x80000000000000001749862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2490c3026240b9cd2022-02-14 08:46:21.932root 11241100x80000000000000001749863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6dd9fd01c313782022-02-14 08:46:21.932root 11241100x80000000000000001749864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d03913351a90292022-02-14 08:46:21.932root 11241100x80000000000000001749865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd34408ce123b2b2022-02-14 08:46:21.932root 11241100x80000000000000001749866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708fa8709ccf30bb2022-02-14 08:46:21.933root 11241100x80000000000000001749867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c60417ba2750a72022-02-14 08:46:21.933root 11241100x80000000000000001749868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb17c53ac235ad82022-02-14 08:46:21.933root 11241100x80000000000000001749869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d702f9ec2290eb72022-02-14 08:46:21.933root 11241100x80000000000000001749870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0055f81eee723c622022-02-14 08:46:21.933root 11241100x80000000000000001749871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d59fd4fa056ce92022-02-14 08:46:21.934root 11241100x80000000000000001749872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed79bf1fc4118ab62022-02-14 08:46:21.934root 11241100x80000000000000001749873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:21.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144393de205955972022-02-14 08:46:21.934root 11241100x80000000000000001749874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40956d48699400fb2022-02-14 08:46:22.429root 11241100x80000000000000001749875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d781f3b85ff7ed2022-02-14 08:46:22.430root 11241100x80000000000000001749876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b35cecb8f6f3a182022-02-14 08:46:22.430root 11241100x80000000000000001749877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f1fb2ac337465f2022-02-14 08:46:22.430root 11241100x80000000000000001749878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf7da08a190c0962022-02-14 08:46:22.431root 11241100x80000000000000001749879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e71ad6b727abdfe2022-02-14 08:46:22.431root 11241100x80000000000000001749880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af4a214f86e655e2022-02-14 08:46:22.431root 11241100x80000000000000001749881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4368d7e19e503a92022-02-14 08:46:22.431root 11241100x80000000000000001749882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bf492375626eac2022-02-14 08:46:22.431root 11241100x80000000000000001749883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af54acf091713eb2022-02-14 08:46:22.432root 11241100x80000000000000001749884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e0e7b966a041cd2022-02-14 08:46:22.432root 11241100x80000000000000001749885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8761bdcc9ae6c572022-02-14 08:46:22.433root 11241100x80000000000000001749886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddbb9eb2e86fd932022-02-14 08:46:22.433root 11241100x80000000000000001749887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395c93ce4b5e95ed2022-02-14 08:46:22.433root 11241100x80000000000000001749888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305ac3954e75e91f2022-02-14 08:46:22.433root 11241100x80000000000000001749889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4b381da8f04fc42022-02-14 08:46:22.433root 11241100x80000000000000001749890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8be3a62e41057892022-02-14 08:46:22.433root 11241100x80000000000000001749891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdc68b8c2940dac2022-02-14 08:46:22.434root 11241100x80000000000000001749892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1598ba2c00e7e12022-02-14 08:46:22.434root 11241100x80000000000000001749893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6266c658a9010d2022-02-14 08:46:22.434root 11241100x80000000000000001749894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055608109a0e6b2b2022-02-14 08:46:22.434root 11241100x80000000000000001749895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5e21b521dc8f452022-02-14 08:46:22.434root 11241100x80000000000000001749896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03bef9ad05533872022-02-14 08:46:22.930root 11241100x80000000000000001749897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0695f17b1d5bee2022-02-14 08:46:22.930root 11241100x80000000000000001749898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8927cb1598528f212022-02-14 08:46:22.930root 11241100x80000000000000001749899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d7df57863c7b8e2022-02-14 08:46:22.930root 11241100x80000000000000001749900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f71cf49dc7e91752022-02-14 08:46:22.930root 11241100x80000000000000001749901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c10111b00a382e2022-02-14 08:46:22.930root 11241100x80000000000000001749902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bb624abdcc6b202022-02-14 08:46:22.930root 11241100x80000000000000001749903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b17c60948e80e0c2022-02-14 08:46:22.930root 11241100x80000000000000001749904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ba8b4770f844602022-02-14 08:46:22.930root 11241100x80000000000000001749905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0f37e25f31d02e2022-02-14 08:46:22.931root 11241100x80000000000000001749906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8885fb07661b57b2022-02-14 08:46:22.931root 11241100x80000000000000001749907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153fdabbe0de079e2022-02-14 08:46:22.931root 11241100x80000000000000001749908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56fb87315fdc935f2022-02-14 08:46:22.931root 11241100x80000000000000001749909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e420fa1ee5c2132022-02-14 08:46:22.931root 11241100x80000000000000001749910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b237de0f87c1af732022-02-14 08:46:22.931root 11241100x80000000000000001749911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1735744b28bd7f752022-02-14 08:46:22.932root 11241100x80000000000000001749912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82743e87d356efb12022-02-14 08:46:22.933root 11241100x80000000000000001749913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdca3060c612373a2022-02-14 08:46:22.934root 11241100x80000000000000001749914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e31227720f582a2022-02-14 08:46:22.934root 11241100x80000000000000001749915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4321bbf738211072022-02-14 08:46:22.934root 11241100x80000000000000001749916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895fb1352f2dbb8d2022-02-14 08:46:22.934root 11241100x80000000000000001749917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedc967f0a01c1032022-02-14 08:46:22.934root 11241100x80000000000000001749918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:22.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8dbbd118bfc5192022-02-14 08:46:22.934root 11241100x80000000000000001749919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c4478763b8165a2022-02-14 08:46:23.430root 11241100x80000000000000001749920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc053c318083a562022-02-14 08:46:23.430root 11241100x80000000000000001749921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46a798465fbfd072022-02-14 08:46:23.430root 11241100x80000000000000001749922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dc8edddae986c72022-02-14 08:46:23.431root 11241100x80000000000000001749923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d920f3a7492e1652022-02-14 08:46:23.431root 11241100x80000000000000001749924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9406e0d290f7e62022-02-14 08:46:23.431root 11241100x80000000000000001749925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf96a50e57093ac92022-02-14 08:46:23.431root 11241100x80000000000000001749926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe42306d56b2345d2022-02-14 08:46:23.431root 11241100x80000000000000001749927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bba15295734993f2022-02-14 08:46:23.431root 11241100x80000000000000001749928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e9e8580970ae632022-02-14 08:46:23.431root 11241100x80000000000000001749929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c3e4015b2cd1d42022-02-14 08:46:23.431root 11241100x80000000000000001749930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f43b3ea44c1c1e2022-02-14 08:46:23.431root 11241100x80000000000000001749931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a41374d0ad480c52022-02-14 08:46:23.432root 11241100x80000000000000001749932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafca20cee0758962022-02-14 08:46:23.432root 11241100x80000000000000001749933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a1086ce0ca39162022-02-14 08:46:23.432root 11241100x80000000000000001749934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937ea17e10b76c9d2022-02-14 08:46:23.432root 11241100x80000000000000001749935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921e36d96c5e29542022-02-14 08:46:23.432root 11241100x80000000000000001749936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1b078a4ae7fbb92022-02-14 08:46:23.432root 11241100x80000000000000001749937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8e161ea5892b9a2022-02-14 08:46:23.432root 11241100x80000000000000001749938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4d529840367fff2022-02-14 08:46:23.432root 11241100x80000000000000001749939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ac2b87651915a12022-02-14 08:46:23.432root 11241100x80000000000000001749940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae65413ca515d2662022-02-14 08:46:23.929root 11241100x80000000000000001749941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a350193d6de232d92022-02-14 08:46:23.930root 11241100x80000000000000001749942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cf33aec955df252022-02-14 08:46:23.930root 11241100x80000000000000001749943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15accde82ba529522022-02-14 08:46:23.930root 11241100x80000000000000001749944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e834bf505aa4b3ed2022-02-14 08:46:23.931root 11241100x80000000000000001749945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bffe56cd809ec612022-02-14 08:46:23.931root 11241100x80000000000000001749946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a789696c9a3977692022-02-14 08:46:23.931root 11241100x80000000000000001749947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fd78c1554c9b292022-02-14 08:46:23.931root 11241100x80000000000000001749948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c40fe61516b948c2022-02-14 08:46:23.931root 11241100x80000000000000001749949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5cc9d259c6a0c82022-02-14 08:46:23.932root 11241100x80000000000000001749950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5e99e5f798c4eb2022-02-14 08:46:23.932root 11241100x80000000000000001749951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b18faa43d8c4202022-02-14 08:46:23.932root 11241100x80000000000000001749952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3726045c474024dc2022-02-14 08:46:23.932root 11241100x80000000000000001749953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604b597f01fca1af2022-02-14 08:46:23.932root 11241100x80000000000000001749954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1fe840f18963452022-02-14 08:46:23.933root 11241100x80000000000000001749955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1538143a9d40b4d2022-02-14 08:46:23.933root 11241100x80000000000000001749956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42caf81b8de1f8df2022-02-14 08:46:23.933root 11241100x80000000000000001749957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0380e53548bc87732022-02-14 08:46:23.933root 11241100x80000000000000001749958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0555adbfb4d70ead2022-02-14 08:46:23.934root 11241100x80000000000000001749959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc1e9e46f92c23d2022-02-14 08:46:23.934root 11241100x80000000000000001749960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cab5e6b19d55a032022-02-14 08:46:23.934root 11241100x80000000000000001749961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9668d9f62e496e322022-02-14 08:46:23.934root 11241100x80000000000000001749962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:23.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35357120f99bf0ed2022-02-14 08:46:23.934root 354300x80000000000000001749963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.091{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51536-false10.0.1.12-8000- 11241100x80000000000000001749964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93aa0b257fce480c2022-02-14 08:46:24.434root 11241100x80000000000000001749965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0d1750511468a12022-02-14 08:46:24.434root 11241100x80000000000000001749966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb93532840337eab2022-02-14 08:46:24.434root 11241100x80000000000000001749967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ad6678a91f02ae2022-02-14 08:46:24.434root 11241100x80000000000000001749968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ebd18ec3c0121d2022-02-14 08:46:24.434root 11241100x80000000000000001749969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ebbb5fa1665bf42022-02-14 08:46:24.434root 11241100x80000000000000001749970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a4f326458e3ff02022-02-14 08:46:24.435root 11241100x80000000000000001749971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89115cc4cc93c5342022-02-14 08:46:24.436root 11241100x80000000000000001749972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632bd45b73c3cb562022-02-14 08:46:24.436root 11241100x80000000000000001749973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f725f849d84fbb2022-02-14 08:46:24.436root 11241100x80000000000000001749974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0283cea01358e32022-02-14 08:46:24.436root 11241100x80000000000000001749975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c90cddd3bd343912022-02-14 08:46:24.436root 11241100x80000000000000001749976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736dffa19c943d602022-02-14 08:46:24.436root 11241100x80000000000000001749977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0bf9aab69f60612022-02-14 08:46:24.436root 11241100x80000000000000001749978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834e8c8078767a1b2022-02-14 08:46:24.436root 11241100x80000000000000001749979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edf9ec63e306b9b2022-02-14 08:46:24.437root 11241100x80000000000000001749980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5195e361fe8e49e82022-02-14 08:46:24.438root 11241100x80000000000000001749981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc6900fdff23faf2022-02-14 08:46:24.438root 11241100x80000000000000001749982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a014f801c07eb8fc2022-02-14 08:46:24.438root 11241100x80000000000000001749983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23d990100af47512022-02-14 08:46:24.438root 11241100x80000000000000001749984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8315c522d14b07242022-02-14 08:46:24.439root 11241100x80000000000000001749985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7935a78ad1f5b36e2022-02-14 08:46:24.439root 11241100x80000000000000001749986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0db9825262cb5b2022-02-14 08:46:24.930root 11241100x80000000000000001749987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce0ca8cf259923d2022-02-14 08:46:24.930root 11241100x80000000000000001749988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2728607e4392122022-02-14 08:46:24.931root 11241100x80000000000000001749989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c6f78f830b6b7c2022-02-14 08:46:24.931root 11241100x80000000000000001749990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cb9011bb7cf2572022-02-14 08:46:24.931root 11241100x80000000000000001749991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2cad5b77e349992022-02-14 08:46:24.931root 11241100x80000000000000001749992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0454a948881fae2022-02-14 08:46:24.931root 11241100x80000000000000001749993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca6a15bb7671ed52022-02-14 08:46:24.931root 11241100x80000000000000001749994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4c7b2a452a12a42022-02-14 08:46:24.931root 11241100x80000000000000001749995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5e81fba3ef3e572022-02-14 08:46:24.931root 11241100x80000000000000001749996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dfc4d48d0a52f72022-02-14 08:46:24.931root 11241100x80000000000000001749997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7332b3836a87bc2022-02-14 08:46:24.931root 11241100x80000000000000001749998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5ab4d53440108f2022-02-14 08:46:24.932root 11241100x80000000000000001749999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadfd87884111e642022-02-14 08:46:24.932root 11241100x80000000000000001750000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376f2c6fa9a2f9332022-02-14 08:46:24.932root 11241100x80000000000000001750001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c718bf73dcc3032022-02-14 08:46:24.932root 11241100x80000000000000001750002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d811078a0882372022-02-14 08:46:24.932root 11241100x80000000000000001750003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f9be914a80ab9e2022-02-14 08:46:24.932root 11241100x80000000000000001750004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c7f974b84421722022-02-14 08:46:24.932root 11241100x80000000000000001750005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e637ba14d914fae92022-02-14 08:46:24.933root 11241100x80000000000000001750006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaf274828590d082022-02-14 08:46:24.933root 11241100x80000000000000001750007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:24.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26c90146d061b4a2022-02-14 08:46:24.933root 11241100x80000000000000001750008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dcb2b8907417162022-02-14 08:46:25.429root 11241100x80000000000000001750009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266575deb0657dff2022-02-14 08:46:25.430root 11241100x80000000000000001750010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51543b063c308b6c2022-02-14 08:46:25.430root 11241100x80000000000000001750011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cc42f484a2bc4d2022-02-14 08:46:25.430root 11241100x80000000000000001750012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32253d93cefec3de2022-02-14 08:46:25.430root 11241100x80000000000000001750013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac34f1e82bc57d8c2022-02-14 08:46:25.430root 11241100x80000000000000001750014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9e4b6d58ca1ef22022-02-14 08:46:25.430root 11241100x80000000000000001750015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12972dbe5ce81332022-02-14 08:46:25.430root 11241100x80000000000000001750016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbefa5dd1e9a4fb82022-02-14 08:46:25.430root 11241100x80000000000000001750017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f6cbc536e1e51c2022-02-14 08:46:25.430root 11241100x80000000000000001750018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdc3b0b9547ad472022-02-14 08:46:25.430root 11241100x80000000000000001750019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8570756781e735162022-02-14 08:46:25.430root 11241100x80000000000000001750020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e354902889237ce2022-02-14 08:46:25.431root 11241100x80000000000000001750021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2fa56927b114f42022-02-14 08:46:25.431root 11241100x80000000000000001750022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9b9fb8365381902022-02-14 08:46:25.431root 11241100x80000000000000001750023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b953acfd36607fcc2022-02-14 08:46:25.431root 11241100x80000000000000001750024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0feb891f0c57d4f2022-02-14 08:46:25.431root 11241100x80000000000000001750025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56adbbd37eed3eb2022-02-14 08:46:25.431root 11241100x80000000000000001750026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd36709bc9b1e7122022-02-14 08:46:25.431root 11241100x80000000000000001750027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d3f483c9f22d332022-02-14 08:46:25.431root 11241100x80000000000000001750028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c75678502b4db8c2022-02-14 08:46:25.431root 11241100x80000000000000001750029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2584af4c93816a722022-02-14 08:46:25.431root 11241100x80000000000000001750030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3871ae8c0a2258732022-02-14 08:46:25.431root 11241100x80000000000000001750031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ba40416a0946c12022-02-14 08:46:25.432root 11241100x80000000000000001750032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3284e4edfba0c5212022-02-14 08:46:25.930root 11241100x80000000000000001750033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb4a1ee8af1e8c82022-02-14 08:46:25.931root 11241100x80000000000000001750034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be7a8f76a26f8cf2022-02-14 08:46:25.931root 11241100x80000000000000001750035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa07140983bcce02022-02-14 08:46:25.931root 11241100x80000000000000001750036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fbe3ebcf0d61b42022-02-14 08:46:25.931root 11241100x80000000000000001750037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb24f9c0e7a841912022-02-14 08:46:25.931root 11241100x80000000000000001750038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be15fe58b2d76de2022-02-14 08:46:25.931root 11241100x80000000000000001750039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c25d6ecdc42df202022-02-14 08:46:25.931root 11241100x80000000000000001750040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6f8f91263542042022-02-14 08:46:25.931root 11241100x80000000000000001750041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ef4299e8e4da372022-02-14 08:46:25.931root 11241100x80000000000000001750042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a6c4279bbbd9772022-02-14 08:46:25.931root 11241100x80000000000000001750043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d91e590b645b72f2022-02-14 08:46:25.931root 11241100x80000000000000001750044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d268bfbb37c660e42022-02-14 08:46:25.932root 11241100x80000000000000001750045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f6d1ae5949b23e2022-02-14 08:46:25.932root 11241100x80000000000000001750046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1229f17a34ad2d012022-02-14 08:46:25.932root 11241100x80000000000000001750047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596a86ad1b58b6a12022-02-14 08:46:25.932root 11241100x80000000000000001750048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9230e943a4b016c52022-02-14 08:46:25.932root 11241100x80000000000000001750049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7d46adf7277b202022-02-14 08:46:25.932root 11241100x80000000000000001750050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69852fbcbbe8c04d2022-02-14 08:46:25.932root 11241100x80000000000000001750051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8affa3bcc37fe8752022-02-14 08:46:25.932root 11241100x80000000000000001750052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fc323b2d84c3382022-02-14 08:46:25.932root 11241100x80000000000000001750053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:25.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714c49c7286808b02022-02-14 08:46:25.933root 11241100x80000000000000001750054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892baf5d3722d92c2022-02-14 08:46:26.430root 11241100x80000000000000001750055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02ec6c610dc0be12022-02-14 08:46:26.430root 11241100x80000000000000001750056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318ce1ec910f65d92022-02-14 08:46:26.431root 11241100x80000000000000001750057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e93f0bcf8f628592022-02-14 08:46:26.431root 11241100x80000000000000001750058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fc191d52c46d142022-02-14 08:46:26.431root 11241100x80000000000000001750059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10ba4b80c5349c62022-02-14 08:46:26.431root 11241100x80000000000000001750060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a550e45131bf049e2022-02-14 08:46:26.431root 11241100x80000000000000001750061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ab4ec1285899bb2022-02-14 08:46:26.431root 11241100x80000000000000001750062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcab62ff21e0c2b82022-02-14 08:46:26.431root 11241100x80000000000000001750063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd74f73a9b6fa7f52022-02-14 08:46:26.431root 11241100x80000000000000001750064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f1501bbe7ce88b2022-02-14 08:46:26.431root 11241100x80000000000000001750065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb250fa8fdaf49d32022-02-14 08:46:26.431root 11241100x80000000000000001750066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd76ef385b5bf4fa2022-02-14 08:46:26.431root 11241100x80000000000000001750067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e218ff2f0346062022-02-14 08:46:26.431root 11241100x80000000000000001750068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1434e91da9a2512022-02-14 08:46:26.431root 11241100x80000000000000001750069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0062672eb09b6b62022-02-14 08:46:26.432root 11241100x80000000000000001750070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af10a10eac65b1e2022-02-14 08:46:26.432root 11241100x80000000000000001750071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6fa34075dc701b2022-02-14 08:46:26.432root 11241100x80000000000000001750072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857acfc8dbefaec32022-02-14 08:46:26.432root 11241100x80000000000000001750073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88b0b0c02c17dfb2022-02-14 08:46:26.432root 11241100x80000000000000001750074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734ad853b317c8802022-02-14 08:46:26.432root 11241100x80000000000000001750075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f350627b0e2f93a72022-02-14 08:46:26.432root 11241100x80000000000000001750076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86abcf5b4dcd2402022-02-14 08:46:26.931root 11241100x80000000000000001750077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4915788549211362022-02-14 08:46:26.931root 11241100x80000000000000001750078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3393d2fc0001d6d62022-02-14 08:46:26.931root 11241100x80000000000000001750079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019cd997837ae3cf2022-02-14 08:46:26.931root 11241100x80000000000000001750080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c3cd699ea1e7202022-02-14 08:46:26.931root 11241100x80000000000000001750081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9282b80b0eb020592022-02-14 08:46:26.932root 11241100x80000000000000001750082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bab43ae935935452022-02-14 08:46:26.932root 11241100x80000000000000001750083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb6bf6fa44e4d812022-02-14 08:46:26.933root 11241100x80000000000000001750084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabbbf85ff1abc022022-02-14 08:46:26.933root 11241100x80000000000000001750085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7093b06e21261dc2022-02-14 08:46:26.933root 11241100x80000000000000001750086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df418e0b670f473a2022-02-14 08:46:26.934root 11241100x80000000000000001750087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0481ed15fa10a8a42022-02-14 08:46:26.934root 11241100x80000000000000001750088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42ef7c7cafd973a2022-02-14 08:46:26.934root 11241100x80000000000000001750089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a7049b29e63c742022-02-14 08:46:26.935root 11241100x80000000000000001750090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae81bd2d2f425c222022-02-14 08:46:26.935root 11241100x80000000000000001750091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f4092492af320a2022-02-14 08:46:26.935root 11241100x80000000000000001750092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6105ef1c987b108f2022-02-14 08:46:26.935root 11241100x80000000000000001750093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12694b3dc228d6602022-02-14 08:46:26.936root 11241100x80000000000000001750094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fced24f0900b1c2022-02-14 08:46:26.936root 11241100x80000000000000001750095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2845744de0e0432022-02-14 08:46:26.936root 11241100x80000000000000001750096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce17dac002ac7252022-02-14 08:46:26.936root 11241100x80000000000000001750097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:26.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51ef696ebb4db7c2022-02-14 08:46:26.937root 11241100x80000000000000001750098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4fde18782164d72022-02-14 08:46:27.430root 11241100x80000000000000001750099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa51a041d700b68b2022-02-14 08:46:27.430root 11241100x80000000000000001750100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61460015ef500a322022-02-14 08:46:27.431root 11241100x80000000000000001750101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b499731e3dcc9d452022-02-14 08:46:27.431root 11241100x80000000000000001750102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd780a39a0f0e852022-02-14 08:46:27.431root 11241100x80000000000000001750103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8f2a93e5d7e5d52022-02-14 08:46:27.431root 11241100x80000000000000001750104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdb45d3894562402022-02-14 08:46:27.431root 11241100x80000000000000001750105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1b3f1d26e1a5ea2022-02-14 08:46:27.431root 11241100x80000000000000001750106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5a27e355f0f7182022-02-14 08:46:27.431root 11241100x80000000000000001750107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0d8a4d91ac33742022-02-14 08:46:27.431root 11241100x80000000000000001750108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403c81f36c1b1a6e2022-02-14 08:46:27.431root 11241100x80000000000000001750109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2030a66bd141c0c42022-02-14 08:46:27.431root 11241100x80000000000000001750110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7a5d090f2288ca2022-02-14 08:46:27.431root 11241100x80000000000000001750111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb00cfaf3da24aa2022-02-14 08:46:27.431root 11241100x80000000000000001750112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351c691305730d5b2022-02-14 08:46:27.431root 11241100x80000000000000001750113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74619ccab9d62e42022-02-14 08:46:27.431root 11241100x80000000000000001750114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab8837610568a372022-02-14 08:46:27.431root 11241100x80000000000000001750115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6883cff5fb44931a2022-02-14 08:46:27.432root 11241100x80000000000000001750116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aeae97dd28531ad2022-02-14 08:46:27.432root 11241100x80000000000000001750117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a11ddbf08fd92462022-02-14 08:46:27.432root 11241100x80000000000000001750118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b783233b3b26ec92022-02-14 08:46:27.432root 11241100x80000000000000001750119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4607c20967fb862022-02-14 08:46:27.432root 11241100x80000000000000001750120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034959af4f4bfb252022-02-14 08:46:27.930root 11241100x80000000000000001750121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b614d24ca73d00dc2022-02-14 08:46:27.930root 11241100x80000000000000001750122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8029e1fcf9eed35d2022-02-14 08:46:27.931root 11241100x80000000000000001750123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c08e2ea41945832022-02-14 08:46:27.931root 11241100x80000000000000001750124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7d8934490919682022-02-14 08:46:27.931root 11241100x80000000000000001750125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5f3ca51b1a2f732022-02-14 08:46:27.931root 11241100x80000000000000001750126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1de86bc05473f52022-02-14 08:46:27.931root 11241100x80000000000000001750127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc9acc2ec8768072022-02-14 08:46:27.931root 11241100x80000000000000001750128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf50e4b37ff429d2022-02-14 08:46:27.931root 11241100x80000000000000001750129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d240aff092373cf32022-02-14 08:46:27.931root 11241100x80000000000000001750130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44091910e5c567642022-02-14 08:46:27.931root 11241100x80000000000000001750131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fd8b1dbbc3fd182022-02-14 08:46:27.931root 11241100x80000000000000001750132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ad224338cd2e4a2022-02-14 08:46:27.931root 11241100x80000000000000001750133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8317faf141f6742022-02-14 08:46:27.931root 11241100x80000000000000001750134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259ad2cec188211c2022-02-14 08:46:27.931root 11241100x80000000000000001750135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1bc1ac3b75a15a2022-02-14 08:46:27.931root 11241100x80000000000000001750136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad8dab96a79595c2022-02-14 08:46:27.932root 11241100x80000000000000001750137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1913fa724690abd02022-02-14 08:46:27.932root 11241100x80000000000000001750138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ed79d7c090559d2022-02-14 08:46:27.932root 11241100x80000000000000001750139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f1ebcf3e5ed3ce2022-02-14 08:46:27.932root 11241100x80000000000000001750140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0c0ec02ada9a3f2022-02-14 08:46:27.932root 11241100x80000000000000001750141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:27.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be750c316d8661d2022-02-14 08:46:27.932root 11241100x80000000000000001750142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7d4e43888e71282022-02-14 08:46:28.429root 11241100x80000000000000001750143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378ba407e877b45b2022-02-14 08:46:28.430root 11241100x80000000000000001750144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6156deecf9a5cf92022-02-14 08:46:28.430root 11241100x80000000000000001750145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4a4b8ac44b6b112022-02-14 08:46:28.430root 11241100x80000000000000001750146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede41cb65078ea272022-02-14 08:46:28.430root 11241100x80000000000000001750147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d22f6f51391024c2022-02-14 08:46:28.430root 11241100x80000000000000001750148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a934454c3d01f99c2022-02-14 08:46:28.430root 11241100x80000000000000001750149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2948103a3b5eb702022-02-14 08:46:28.430root 11241100x80000000000000001750150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01780f18bd6c082f2022-02-14 08:46:28.430root 11241100x80000000000000001750151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45685374f93d77932022-02-14 08:46:28.430root 11241100x80000000000000001750152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4622c1856c2c3b12022-02-14 08:46:28.430root 11241100x80000000000000001750153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a5912ab27393e92022-02-14 08:46:28.430root 11241100x80000000000000001750154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5356ab5a776c172022-02-14 08:46:28.430root 11241100x80000000000000001750155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66625097186a8f82022-02-14 08:46:28.431root 11241100x80000000000000001750156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237e3cf2bf71753e2022-02-14 08:46:28.431root 11241100x80000000000000001750157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b4268e512f89052022-02-14 08:46:28.431root 11241100x80000000000000001750158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd3a2794dd7b7bc2022-02-14 08:46:28.431root 11241100x80000000000000001750159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664c21e843ffd1e92022-02-14 08:46:28.431root 11241100x80000000000000001750160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0383e8b7b36f60ae2022-02-14 08:46:28.431root 11241100x80000000000000001750161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf754c62064b00052022-02-14 08:46:28.431root 11241100x80000000000000001750162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5590cbe49b228f62022-02-14 08:46:28.431root 11241100x80000000000000001750163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d7e92ab796b2c02022-02-14 08:46:28.431root 11241100x80000000000000001750164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718a4428d8f8f6cd2022-02-14 08:46:28.930root 11241100x80000000000000001750165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3635fafb8edde5c32022-02-14 08:46:28.930root 11241100x80000000000000001750166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4614728d8dc7a62022-02-14 08:46:28.931root 11241100x80000000000000001750167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed9bb8b158048f12022-02-14 08:46:28.931root 11241100x80000000000000001750168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2229bd6e50e22e532022-02-14 08:46:28.931root 11241100x80000000000000001750169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250111bf7b7ca51b2022-02-14 08:46:28.931root 11241100x80000000000000001750170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ea9e76238c67212022-02-14 08:46:28.931root 11241100x80000000000000001750171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f840e21ece3fc72c2022-02-14 08:46:28.931root 11241100x80000000000000001750172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b541a3cd403d17602022-02-14 08:46:28.931root 11241100x80000000000000001750173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0407538c60cf56312022-02-14 08:46:28.931root 11241100x80000000000000001750174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9c5236f8969abb2022-02-14 08:46:28.931root 11241100x80000000000000001750175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4916f9ac692960102022-02-14 08:46:28.931root 11241100x80000000000000001750176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae6066900c24dcd2022-02-14 08:46:28.931root 11241100x80000000000000001750177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23c3aef99fc1c9f2022-02-14 08:46:28.931root 11241100x80000000000000001750178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbf8dfa061a64882022-02-14 08:46:28.931root 11241100x80000000000000001750179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf3b7f5be4e12b02022-02-14 08:46:28.931root 11241100x80000000000000001750180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cc4015e004b4322022-02-14 08:46:28.932root 11241100x80000000000000001750181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6701dfc2fe8b5d2022-02-14 08:46:28.932root 11241100x80000000000000001750182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3a58098dbc6b8b2022-02-14 08:46:28.932root 11241100x80000000000000001750183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a88753eae4865262022-02-14 08:46:28.932root 11241100x80000000000000001750184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fb3bb554d411382022-02-14 08:46:28.932root 11241100x80000000000000001750185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:28.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0a5a9ae6224eb42022-02-14 08:46:28.932root 11241100x80000000000000001750186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7c044b79232d472022-02-14 08:46:29.430root 11241100x80000000000000001750187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2815bdfe3e0bd0302022-02-14 08:46:29.430root 11241100x80000000000000001750188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ddb3b35acb27a62022-02-14 08:46:29.431root 11241100x80000000000000001750189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed35ade36510ba92022-02-14 08:46:29.431root 11241100x80000000000000001750190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f3f89cc835f56a2022-02-14 08:46:29.431root 11241100x80000000000000001750191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df634a9b3a21f9f2022-02-14 08:46:29.431root 11241100x80000000000000001750192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43b8e6d11bccad32022-02-14 08:46:29.431root 11241100x80000000000000001750193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6abe7056987718fe2022-02-14 08:46:29.431root 11241100x80000000000000001750194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c300b4010c340af62022-02-14 08:46:29.431root 11241100x80000000000000001750195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babe5ac3dd010d7a2022-02-14 08:46:29.431root 11241100x80000000000000001750196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182a0367072832a72022-02-14 08:46:29.431root 11241100x80000000000000001750197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7a3fd0b99475f82022-02-14 08:46:29.431root 11241100x80000000000000001750198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab62d37717a829c2022-02-14 08:46:29.432root 11241100x80000000000000001750199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1306434df275052022-02-14 08:46:29.432root 11241100x80000000000000001750200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20b6d61f7f725af2022-02-14 08:46:29.432root 11241100x80000000000000001750201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0711aee99f61356a2022-02-14 08:46:29.432root 11241100x80000000000000001750202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21070d3c01e95d52022-02-14 08:46:29.432root 11241100x80000000000000001750203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551378252cc1a8cc2022-02-14 08:46:29.432root 11241100x80000000000000001750204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb83c49e683fea832022-02-14 08:46:29.432root 11241100x80000000000000001750205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca786a4074d94082022-02-14 08:46:29.432root 11241100x80000000000000001750206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885d0fb7b0d9b4e42022-02-14 08:46:29.432root 11241100x80000000000000001750207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0efdd6300b4c282022-02-14 08:46:29.432root 11241100x80000000000000001750208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb994749c93d5f582022-02-14 08:46:29.930root 11241100x80000000000000001750209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ef3f0bdb2d809c2022-02-14 08:46:29.930root 11241100x80000000000000001750210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26029027be33bde92022-02-14 08:46:29.931root 11241100x80000000000000001750211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbd00b507d585e02022-02-14 08:46:29.931root 11241100x80000000000000001750212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aaafb62df7828bd2022-02-14 08:46:29.931root 11241100x80000000000000001750213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563e7c36c0a140e72022-02-14 08:46:29.931root 11241100x80000000000000001750214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a808e7fcd2409482022-02-14 08:46:29.931root 11241100x80000000000000001750215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deaeba0ab24fb3082022-02-14 08:46:29.931root 11241100x80000000000000001750216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db71cb136baff88d2022-02-14 08:46:29.931root 11241100x80000000000000001750217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6663004bd00df3962022-02-14 08:46:29.931root 11241100x80000000000000001750218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b8ea57e95813b82022-02-14 08:46:29.931root 11241100x80000000000000001750219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66a875101c4dfa02022-02-14 08:46:29.931root 11241100x80000000000000001750220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364b18aaaba775182022-02-14 08:46:29.931root 11241100x80000000000000001750221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe7e94e45120e0b2022-02-14 08:46:29.932root 11241100x80000000000000001750222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3fd8e1eef63e942022-02-14 08:46:29.932root 11241100x80000000000000001750223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4010dacdbc057d42022-02-14 08:46:29.932root 11241100x80000000000000001750224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0ccc33514dd30c2022-02-14 08:46:29.932root 11241100x80000000000000001750225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3114ddd48dca87432022-02-14 08:46:29.932root 11241100x80000000000000001750226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d707fd87a464f302022-02-14 08:46:29.932root 11241100x80000000000000001750227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377f37721fa6a67c2022-02-14 08:46:29.932root 11241100x80000000000000001750228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a4781bad5eb81a2022-02-14 08:46:29.932root 11241100x80000000000000001750229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:29.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61dc9aebce9a3902022-02-14 08:46:29.932root 354300x80000000000000001750230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.078{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51538-false10.0.1.12-8000- 11241100x80000000000000001750231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bafe4fc4d143e6f2022-02-14 08:46:30.430root 11241100x80000000000000001750232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131960738e041c442022-02-14 08:46:30.430root 11241100x80000000000000001750233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e639764f500a2c372022-02-14 08:46:30.430root 11241100x80000000000000001750234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bccce672b3b6d82022-02-14 08:46:30.430root 11241100x80000000000000001750235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12389401eef83b32022-02-14 08:46:30.431root 11241100x80000000000000001750236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ac8d6ac1768fe92022-02-14 08:46:30.431root 11241100x80000000000000001750237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4065e43ef2c2f1a2022-02-14 08:46:30.431root 11241100x80000000000000001750238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd26cad669654dbe2022-02-14 08:46:30.431root 11241100x80000000000000001750239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9793cd523e34deee2022-02-14 08:46:30.431root 11241100x80000000000000001750240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0d2c32d71d402d2022-02-14 08:46:30.432root 11241100x80000000000000001750241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db1a687608da82c2022-02-14 08:46:30.432root 11241100x80000000000000001750242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e071ee873837ecc52022-02-14 08:46:30.432root 11241100x80000000000000001750243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6405e3a04ca36b32022-02-14 08:46:30.432root 11241100x80000000000000001750244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db083efe26b8e08e2022-02-14 08:46:30.432root 11241100x80000000000000001750245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682a39008cd249262022-02-14 08:46:30.432root 11241100x80000000000000001750246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b145324af3d3d72022-02-14 08:46:30.433root 11241100x80000000000000001750247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d304cc55ee1ba5d72022-02-14 08:46:30.433root 11241100x80000000000000001750248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a23e80d51e26822022-02-14 08:46:30.433root 11241100x80000000000000001750249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c891c80f72120ad2022-02-14 08:46:30.433root 11241100x80000000000000001750250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556ecbf17cc806032022-02-14 08:46:30.433root 11241100x80000000000000001750251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150507b68fb0a0562022-02-14 08:46:30.434root 11241100x80000000000000001750252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84eb3b4860f3f7b2022-02-14 08:46:30.434root 11241100x80000000000000001750253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410f6843505451702022-02-14 08:46:30.434root 11241100x80000000000000001750254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abc419cb04fa87a2022-02-14 08:46:30.434root 11241100x80000000000000001750255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535836af81f5ccca2022-02-14 08:46:30.434root 154100x80000000000000001750256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.741{ec2ab09f-16e6-620a-e896-8ba50b560000}2028/bin/ls-----ls --color=auto -l/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{ec2ab09f-1691-620a-0814-31b1c5550000}2004/bin/bash-bashubuntu 11241100x80000000000000001750257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e88de4ba7b20e6d2022-02-14 08:46:30.742root 11241100x80000000000000001750258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7e2546a965a7fd2022-02-14 08:46:30.742root 11241100x80000000000000001750259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.743{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b6d12c8f03e8b22022-02-14 08:46:30.743root 11241100x80000000000000001750260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.743{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccb75ec1d4ccb772022-02-14 08:46:30.743root 534500x80000000000000001750261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.743{ec2ab09f-16e6-620a-e896-8ba50b560000}2028/bin/lsubuntu 11241100x80000000000000001750262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.744{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac31d1f518be9822022-02-14 08:46:30.744root 11241100x80000000000000001750263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.744{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52342231f71acfb72022-02-14 08:46:30.744root 11241100x80000000000000001750264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.744{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb7a2f6633b7cae2022-02-14 08:46:30.744root 11241100x80000000000000001750265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f728007fa1294882022-02-14 08:46:30.745root 11241100x80000000000000001750266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5719ab5e1b49d22022-02-14 08:46:30.745root 11241100x80000000000000001750267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f2b850f31433dd2022-02-14 08:46:30.745root 11241100x80000000000000001750268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281ceb88cc8c41ae2022-02-14 08:46:30.745root 11241100x80000000000000001750269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b53e53d807c8c722022-02-14 08:46:30.745root 11241100x80000000000000001750270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55827a7afaa63ba82022-02-14 08:46:30.745root 11241100x80000000000000001750271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10642b402c4092732022-02-14 08:46:30.745root 11241100x80000000000000001750272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab89cf5119d95dba2022-02-14 08:46:30.745root 11241100x80000000000000001750273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d3ebe8005e24d02022-02-14 08:46:30.746root 11241100x80000000000000001750274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f964d2aad2664f2022-02-14 08:46:30.746root 11241100x80000000000000001750275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8789c3b7d9395b962022-02-14 08:46:30.746root 11241100x80000000000000001750276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7220954643f8172022-02-14 08:46:30.746root 11241100x80000000000000001750277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae54656f124eba842022-02-14 08:46:30.747root 11241100x80000000000000001750278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6b16f3ca7c42b82022-02-14 08:46:30.747root 11241100x80000000000000001750279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dceddd7d59bf7a22022-02-14 08:46:30.747root 11241100x80000000000000001750280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d54b23c6bdeb6872022-02-14 08:46:30.747root 11241100x80000000000000001750281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ade94d44dc222cc2022-02-14 08:46:30.747root 11241100x80000000000000001750282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabfd4fe52516e0b2022-02-14 08:46:30.747root 11241100x80000000000000001750283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107841171a0707882022-02-14 08:46:30.748root 11241100x80000000000000001750284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:30.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a593f682071b2c882022-02-14 08:46:30.748root 11241100x80000000000000001750285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a523b548aebdfe2022-02-14 08:46:31.180root 11241100x80000000000000001750286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b14ca0f1f2caf5f2022-02-14 08:46:31.181root 11241100x80000000000000001750287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55da1fe11465483c2022-02-14 08:46:31.182root 11241100x80000000000000001750288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7914cf82a33024622022-02-14 08:46:31.182root 11241100x80000000000000001750289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b74b54b62708f882022-02-14 08:46:31.182root 11241100x80000000000000001750290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993fd45474f32aac2022-02-14 08:46:31.182root 11241100x80000000000000001750291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc513a4d191c75e2022-02-14 08:46:31.182root 11241100x80000000000000001750292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f24f75f4545f6b82022-02-14 08:46:31.182root 11241100x80000000000000001750293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b344c2ae347e89bb2022-02-14 08:46:31.182root 11241100x80000000000000001750294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92138de07d5ae4332022-02-14 08:46:31.183root 11241100x80000000000000001750295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce2cdaaf24cbbd82022-02-14 08:46:31.183root 11241100x80000000000000001750296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb4464adc3e7a6e2022-02-14 08:46:31.183root 11241100x80000000000000001750297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740cec798952ad672022-02-14 08:46:31.185root 11241100x80000000000000001750298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3050e4e2b00102402022-02-14 08:46:31.186root 11241100x80000000000000001750299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd207796af3707602022-02-14 08:46:31.186root 11241100x80000000000000001750300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d25d170d4624d42022-02-14 08:46:31.186root 11241100x80000000000000001750301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cbe23bc6431a562022-02-14 08:46:31.186root 11241100x80000000000000001750302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73582dbaa05a1dde2022-02-14 08:46:31.186root 11241100x80000000000000001750303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6634862a123c9a272022-02-14 08:46:31.186root 11241100x80000000000000001750304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985cc547450518a62022-02-14 08:46:31.186root 11241100x80000000000000001750305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e9e69c015c31f42022-02-14 08:46:31.186root 11241100x80000000000000001750306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86bf6cb0f7cc71072022-02-14 08:46:31.187root 11241100x80000000000000001750307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2836139a5985a7f52022-02-14 08:46:31.187root 11241100x80000000000000001750308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8932225c78a8d9c52022-02-14 08:46:31.187root 11241100x80000000000000001750309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9950664fd80b5222022-02-14 08:46:31.187root 11241100x80000000000000001750310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c1c47b160dc9e22022-02-14 08:46:31.681root 11241100x80000000000000001750311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7151ea8e3eae28102022-02-14 08:46:31.681root 11241100x80000000000000001750312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c654b97ac27361a62022-02-14 08:46:31.681root 11241100x80000000000000001750313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a74c7849f1419332022-02-14 08:46:31.682root 11241100x80000000000000001750314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3526b4d8b6c4b8e2022-02-14 08:46:31.682root 11241100x80000000000000001750315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af786992e15ef6742022-02-14 08:46:31.682root 11241100x80000000000000001750316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e29247028917a4d2022-02-14 08:46:31.682root 11241100x80000000000000001750317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587b41c583ca920a2022-02-14 08:46:31.682root 11241100x80000000000000001750318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f316ce86590eee2022-02-14 08:46:31.682root 11241100x80000000000000001750319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4869f74f679d9b2022-02-14 08:46:31.682root 11241100x80000000000000001750320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dda32858c08d122022-02-14 08:46:31.682root 11241100x80000000000000001750321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a979951b5c664512022-02-14 08:46:31.682root 11241100x80000000000000001750322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72b39a083f26b0d2022-02-14 08:46:31.683root 11241100x80000000000000001750323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77046f3f48de07a92022-02-14 08:46:31.683root 11241100x80000000000000001750324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ef705a5e93b31b2022-02-14 08:46:31.684root 11241100x80000000000000001750325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3f55ffc046bd3d2022-02-14 08:46:31.684root 11241100x80000000000000001750326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9e90378163d3fe2022-02-14 08:46:31.684root 11241100x80000000000000001750327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7622ea7e9b9480e2022-02-14 08:46:31.684root 11241100x80000000000000001750328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611a86dd49b8f92a2022-02-14 08:46:31.684root 11241100x80000000000000001750329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a823957673c80b32022-02-14 08:46:31.685root 11241100x80000000000000001750330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9462ef25040b8f92022-02-14 08:46:31.685root 11241100x80000000000000001750331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bdfad83624a6c32022-02-14 08:46:31.685root 11241100x80000000000000001750332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205eb579653a89f42022-02-14 08:46:31.686root 11241100x80000000000000001750333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d0eb26e8d2163a2022-02-14 08:46:31.686root 11241100x80000000000000001750334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:31.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000fdcddbc69f8cf2022-02-14 08:46:31.686root 11241100x80000000000000001750335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63441aeb3d9828212022-02-14 08:46:32.180root 11241100x80000000000000001750336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c664452c6180b1ae2022-02-14 08:46:32.181root 11241100x80000000000000001750337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c46ea63b94153e72022-02-14 08:46:32.181root 11241100x80000000000000001750338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdeb3358c2a299ca2022-02-14 08:46:32.181root 11241100x80000000000000001750339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3701ab9e896957cf2022-02-14 08:46:32.181root 11241100x80000000000000001750340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ae36d9d926e5282022-02-14 08:46:32.181root 11241100x80000000000000001750341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223cba9fa0b9daad2022-02-14 08:46:32.181root 11241100x80000000000000001750342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbb0f85797e63702022-02-14 08:46:32.181root 11241100x80000000000000001750343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58712b41e27cf1142022-02-14 08:46:32.181root 11241100x80000000000000001750344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c5d9b0c68666af2022-02-14 08:46:32.181root 11241100x80000000000000001750345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b4249152d363902022-02-14 08:46:32.181root 11241100x80000000000000001750346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb23b6f8db483c4e2022-02-14 08:46:32.182root 11241100x80000000000000001750347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e68588db65999352022-02-14 08:46:32.182root 11241100x80000000000000001750348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b971c3029576a8762022-02-14 08:46:32.182root 11241100x80000000000000001750349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce9d3b0496aeb472022-02-14 08:46:32.182root 11241100x80000000000000001750350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176f261207d10e192022-02-14 08:46:32.182root 11241100x80000000000000001750351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6ea404ff9150372022-02-14 08:46:32.182root 11241100x80000000000000001750352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5489258ee613ca2022-02-14 08:46:32.182root 11241100x80000000000000001750353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb576ba2f9c3cdf2022-02-14 08:46:32.182root 11241100x80000000000000001750354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b4b79a9c9547a72022-02-14 08:46:32.182root 11241100x80000000000000001750355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df4bfc02fdaf0de2022-02-14 08:46:32.183root 11241100x80000000000000001750356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bb98f6c66e63dc2022-02-14 08:46:32.183root 11241100x80000000000000001750357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262d204bde5d9f1f2022-02-14 08:46:32.183root 11241100x80000000000000001750358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a256a0fbb73df32022-02-14 08:46:32.183root 11241100x80000000000000001750359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d4eb514c05c1312022-02-14 08:46:32.183root 11241100x80000000000000001750360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44901d19e92ccd3d2022-02-14 08:46:32.680root 11241100x80000000000000001750361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b7c82fa7ad3fdf2022-02-14 08:46:32.681root 11241100x80000000000000001750362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3a0775992e075f2022-02-14 08:46:32.681root 11241100x80000000000000001750363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362f4bafeaa94c5e2022-02-14 08:46:32.681root 11241100x80000000000000001750364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609cc96826bfea382022-02-14 08:46:32.681root 11241100x80000000000000001750365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dab0f4b185bee92022-02-14 08:46:32.681root 11241100x80000000000000001750366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d017431ad3fc91c92022-02-14 08:46:32.681root 11241100x80000000000000001750367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008f538caf1efbc32022-02-14 08:46:32.681root 11241100x80000000000000001750368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6caab0e8f27c09d2022-02-14 08:46:32.681root 11241100x80000000000000001750369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf234bf02cb933da2022-02-14 08:46:32.681root 11241100x80000000000000001750370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c220221935d69a4c2022-02-14 08:46:32.681root 11241100x80000000000000001750371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231fee30fcf27dd42022-02-14 08:46:32.681root 11241100x80000000000000001750372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c7cbc736c56be02022-02-14 08:46:32.682root 11241100x80000000000000001750373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012b46c6752506a62022-02-14 08:46:32.682root 11241100x80000000000000001750374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548bd64771567fe82022-02-14 08:46:32.682root 11241100x80000000000000001750375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf478957f476d3b2022-02-14 08:46:32.682root 11241100x80000000000000001750376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b59db00abc6ce722022-02-14 08:46:32.682root 11241100x80000000000000001750377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88eefd4df7da1172022-02-14 08:46:32.682root 11241100x80000000000000001750378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce8625520b8faae2022-02-14 08:46:32.682root 11241100x80000000000000001750379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee0ed16d36d7d842022-02-14 08:46:32.682root 11241100x80000000000000001750380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3584ba9e5d8e0502022-02-14 08:46:32.682root 11241100x80000000000000001750381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71ec80e93dd280d2022-02-14 08:46:32.683root 11241100x80000000000000001750382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96459dff5162c0bc2022-02-14 08:46:32.683root 11241100x80000000000000001750383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc76a83dff457f8a2022-02-14 08:46:32.683root 11241100x80000000000000001750384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:32.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e20a4d420ed0b62022-02-14 08:46:32.683root 11241100x80000000000000001750385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed01028d34537302022-02-14 08:46:33.180root 11241100x80000000000000001750386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316d195dd37bcb202022-02-14 08:46:33.181root 11241100x80000000000000001750387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59217b38d35405a12022-02-14 08:46:33.181root 11241100x80000000000000001750388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bcdff3c1ebf7342022-02-14 08:46:33.181root 11241100x80000000000000001750389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8e4d620315f5282022-02-14 08:46:33.181root 11241100x80000000000000001750390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa3fdaaba9a297e2022-02-14 08:46:33.181root 11241100x80000000000000001750391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942d09e61e03973f2022-02-14 08:46:33.181root 11241100x80000000000000001750392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0a96cb050518442022-02-14 08:46:33.181root 11241100x80000000000000001750393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef4a9fa0ff73d9d2022-02-14 08:46:33.181root 11241100x80000000000000001750394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4d884384fe98f82022-02-14 08:46:33.181root 11241100x80000000000000001750395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01922b6f0b709d602022-02-14 08:46:33.182root 11241100x80000000000000001750396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ccba5904f56d072022-02-14 08:46:33.182root 11241100x80000000000000001750397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb71841a933f1ee2022-02-14 08:46:33.182root 11241100x80000000000000001750398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3b255d4df4c8ba2022-02-14 08:46:33.182root 11241100x80000000000000001750399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866efa1d514640432022-02-14 08:46:33.182root 11241100x80000000000000001750400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7860ab0ac1bb8c282022-02-14 08:46:33.182root 11241100x80000000000000001750401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cf780f4cbf7f462022-02-14 08:46:33.182root 11241100x80000000000000001750402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f3a39987c45b0d2022-02-14 08:46:33.183root 11241100x80000000000000001750403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715ebeed998e1c3a2022-02-14 08:46:33.184root 11241100x80000000000000001750404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef484fddf4fa46342022-02-14 08:46:33.184root 11241100x80000000000000001750405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb9a821bcc520bd2022-02-14 08:46:33.184root 11241100x80000000000000001750406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11860828215ba86b2022-02-14 08:46:33.184root 11241100x80000000000000001750407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb7cc4e2419c6532022-02-14 08:46:33.184root 11241100x80000000000000001750408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9884543f79a040b22022-02-14 08:46:33.184root 11241100x80000000000000001750409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137670551d70036b2022-02-14 08:46:33.184root 11241100x80000000000000001750410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2354dc71c8b5152022-02-14 08:46:33.680root 11241100x80000000000000001750411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6430dc536d8cce672022-02-14 08:46:33.681root 11241100x80000000000000001750412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db4ba7071adf51f2022-02-14 08:46:33.681root 11241100x80000000000000001750413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72838752ad3d93352022-02-14 08:46:33.681root 11241100x80000000000000001750414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6575463d179f70ff2022-02-14 08:46:33.681root 11241100x80000000000000001750415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb57cd6a8e596ee2022-02-14 08:46:33.681root 11241100x80000000000000001750416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27798387d763aea2022-02-14 08:46:33.681root 11241100x80000000000000001750417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1600d01f25206c42022-02-14 08:46:33.681root 11241100x80000000000000001750418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c490f6dc69099a22022-02-14 08:46:33.681root 11241100x80000000000000001750419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732ce5da3021b66d2022-02-14 08:46:33.681root 11241100x80000000000000001750420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde70f81c30b89a22022-02-14 08:46:33.681root 11241100x80000000000000001750421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59bb0d73442ef9942022-02-14 08:46:33.682root 11241100x80000000000000001750422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1ed8a0b17940772022-02-14 08:46:33.682root 11241100x80000000000000001750423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c031e1cd114a2bdf2022-02-14 08:46:33.682root 11241100x80000000000000001750424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4aa2d59939981f2022-02-14 08:46:33.682root 11241100x80000000000000001750425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60f24f9b4c7ada32022-02-14 08:46:33.682root 11241100x80000000000000001750426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bad538e10b03d1f2022-02-14 08:46:33.682root 11241100x80000000000000001750427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b6bce5355aa00a2022-02-14 08:46:33.682root 11241100x80000000000000001750428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6155fd47eb2920d2022-02-14 08:46:33.683root 11241100x80000000000000001750429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac8bea1418f76cd2022-02-14 08:46:33.683root 11241100x80000000000000001750430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97650da857e2a342022-02-14 08:46:33.683root 11241100x80000000000000001750431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1284c52eb494782022-02-14 08:46:33.683root 11241100x80000000000000001750432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7185c6b2f74f1a2022-02-14 08:46:33.683root 11241100x80000000000000001750433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f13e5962882b9ee2022-02-14 08:46:33.683root 11241100x80000000000000001750434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58427556b20559562022-02-14 08:46:33.683root 11241100x80000000000000001750435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab2e5b8c2ae9ce02022-02-14 08:46:34.180root 11241100x80000000000000001750436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b64a0ba475bb7532022-02-14 08:46:34.181root 11241100x80000000000000001750437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6188495be7feeb2022-02-14 08:46:34.181root 11241100x80000000000000001750438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419cc426321a60a72022-02-14 08:46:34.181root 11241100x80000000000000001750439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cd7fc14214b3772022-02-14 08:46:34.181root 11241100x80000000000000001750440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe35e97351ce18c2022-02-14 08:46:34.181root 11241100x80000000000000001750441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2e0286453b674a2022-02-14 08:46:34.181root 11241100x80000000000000001750442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd365a5f91ff3b82022-02-14 08:46:34.181root 11241100x80000000000000001750443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5ca47c638685b02022-02-14 08:46:34.181root 11241100x80000000000000001750444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516869b57a9eb8332022-02-14 08:46:34.182root 11241100x80000000000000001750445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0541637a497f2ab2022-02-14 08:46:34.182root 11241100x80000000000000001750446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f1772337aaba612022-02-14 08:46:34.182root 11241100x80000000000000001750447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befb872eaab9188f2022-02-14 08:46:34.182root 11241100x80000000000000001750448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a284231f71ac3d22022-02-14 08:46:34.182root 11241100x80000000000000001750449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa832c8386da4242022-02-14 08:46:34.182root 11241100x80000000000000001750450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af013c07c28851e22022-02-14 08:46:34.182root 11241100x80000000000000001750451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db5c22259c7b4bc2022-02-14 08:46:34.182root 11241100x80000000000000001750452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbbf49075116e8e2022-02-14 08:46:34.182root 11241100x80000000000000001750453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19328c46818233a2022-02-14 08:46:34.183root 11241100x80000000000000001750454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816b2df4b91c47ca2022-02-14 08:46:34.183root 11241100x80000000000000001750455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80dc3f198362eb12022-02-14 08:46:34.183root 11241100x80000000000000001750456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07022f943d6f67992022-02-14 08:46:34.183root 11241100x80000000000000001750457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8a0b56ecd90fbc2022-02-14 08:46:34.183root 11241100x80000000000000001750458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1617cbcbc389a2f2022-02-14 08:46:34.183root 11241100x80000000000000001750459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba155e208bbb2172022-02-14 08:46:34.183root 11241100x80000000000000001750460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8976b0ced9dff9a82022-02-14 08:46:34.682root 11241100x80000000000000001750461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3380108903880d72022-02-14 08:46:34.682root 11241100x80000000000000001750462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3974e17914022f322022-02-14 08:46:34.682root 11241100x80000000000000001750463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8b99e78931a7f02022-02-14 08:46:34.682root 11241100x80000000000000001750464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ab154e325b87b32022-02-14 08:46:34.682root 11241100x80000000000000001750465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e77ec2c458bfec82022-02-14 08:46:34.682root 11241100x80000000000000001750466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a3f88000d1482a2022-02-14 08:46:34.682root 11241100x80000000000000001750467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808a18e846ce5f3b2022-02-14 08:46:34.682root 11241100x80000000000000001750468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccd33d8b3eac1432022-02-14 08:46:34.683root 11241100x80000000000000001750469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d3afc81d3894372022-02-14 08:46:34.683root 11241100x80000000000000001750470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a634dbef667885a92022-02-14 08:46:34.683root 11241100x80000000000000001750471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c320f66e85f75cd2022-02-14 08:46:34.683root 11241100x80000000000000001750472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52b57303712cac52022-02-14 08:46:34.683root 11241100x80000000000000001750473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f6261c1cdae2bf2022-02-14 08:46:34.683root 11241100x80000000000000001750474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e9e86534b143782022-02-14 08:46:34.683root 11241100x80000000000000001750475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9b18237936fe272022-02-14 08:46:34.683root 11241100x80000000000000001750476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030afe73484040eb2022-02-14 08:46:34.683root 11241100x80000000000000001750477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51a18b3cc5f85772022-02-14 08:46:34.683root 11241100x80000000000000001750478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b448e9a29be0a8d2022-02-14 08:46:34.683root 11241100x80000000000000001750479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f693bf21d03625fc2022-02-14 08:46:34.683root 11241100x80000000000000001750480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42464aad99a55b52022-02-14 08:46:34.684root 11241100x80000000000000001750481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7382f6fce9c3512022-02-14 08:46:34.684root 11241100x80000000000000001750482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3672293e5fce3ddc2022-02-14 08:46:34.684root 11241100x80000000000000001750483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f15b8b0cb2e06b12022-02-14 08:46:34.684root 11241100x80000000000000001750484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:34.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ecdfe1d12a14072022-02-14 08:46:34.684root 354300x80000000000000001750485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.149{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51540-false10.0.1.12-8000- 11241100x80000000000000001750486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.150{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bb626d675a8a642022-02-14 08:46:35.150root 11241100x80000000000000001750487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.150{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4028df54017842092022-02-14 08:46:35.150root 11241100x80000000000000001750488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.150{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d704990f2b550632022-02-14 08:46:35.150root 11241100x80000000000000001750489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.150{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d679b519f174892022-02-14 08:46:35.150root 11241100x80000000000000001750490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.150{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a219e931d551fd2022-02-14 08:46:35.150root 11241100x80000000000000001750491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.150{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2477afa9406550b82022-02-14 08:46:35.150root 11241100x80000000000000001750492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.150{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0b6b6b522a4c752022-02-14 08:46:35.150root 11241100x80000000000000001750493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.151{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc05f87169b906b2022-02-14 08:46:35.151root 11241100x80000000000000001750494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.151{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863dffb7e748b5bb2022-02-14 08:46:35.151root 11241100x80000000000000001750495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.151{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc628449599758a12022-02-14 08:46:35.151root 11241100x80000000000000001750496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.151{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bcc2a223c277b92022-02-14 08:46:35.151root 11241100x80000000000000001750497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.151{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d87ae0c8cef0872022-02-14 08:46:35.151root 11241100x80000000000000001750498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.151{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b3a7da576ebd092022-02-14 08:46:35.151root 11241100x80000000000000001750499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.152{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d6fa8fd0d87bc52022-02-14 08:46:35.152root 11241100x80000000000000001750500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.152{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd48a8fb3ec06552022-02-14 08:46:35.152root 11241100x80000000000000001750501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.152{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a240ab1512c7c072022-02-14 08:46:35.152root 11241100x80000000000000001750502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.152{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0749932284b3e9ed2022-02-14 08:46:35.152root 11241100x80000000000000001750503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.152{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07a095093d0f9322022-02-14 08:46:35.152root 11241100x80000000000000001750504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.152{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2084709c419659f52022-02-14 08:46:35.152root 11241100x80000000000000001750505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.152{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0c63e650181c782022-02-14 08:46:35.152root 11241100x80000000000000001750506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.152{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46666e247bfd5de2022-02-14 08:46:35.152root 11241100x80000000000000001750507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.152{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc004f95259e9c52022-02-14 08:46:35.152root 11241100x80000000000000001750508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.153{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbc9f6fe937f4112022-02-14 08:46:35.153root 11241100x80000000000000001750509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.153{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764ae4d8d36c32432022-02-14 08:46:35.153root 11241100x80000000000000001750510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.153{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0d6a933c95ee132022-02-14 08:46:35.153root 11241100x80000000000000001750511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.154{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2b7f03c112ea812022-02-14 08:46:35.154root 11241100x80000000000000001750512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.154{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c570c39954d454b2022-02-14 08:46:35.154root 11241100x80000000000000001750513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.154{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450d57b3a7f8e2682022-02-14 08:46:35.154root 11241100x80000000000000001750514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.154{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537f696182f400172022-02-14 08:46:35.154root 11241100x80000000000000001750515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.154{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c127386fa66dbbf52022-02-14 08:46:35.154root 11241100x80000000000000001750516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.155{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16ac8e6ec73bca52022-02-14 08:46:35.155root 11241100x80000000000000001750517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.155{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df041bdc5a89ebc92022-02-14 08:46:35.155root 11241100x80000000000000001750518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.155{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60a63caaaf1a9ec2022-02-14 08:46:35.155root 11241100x80000000000000001750519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.155{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bc60333bc8a7d82022-02-14 08:46:35.155root 11241100x80000000000000001750520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.155{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07197af5e2f85432022-02-14 08:46:35.155root 11241100x80000000000000001750521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.156{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9106b755883ea612022-02-14 08:46:35.156root 11241100x80000000000000001750522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.156{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb775a6e3d771e62022-02-14 08:46:35.156root 11241100x80000000000000001750523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe772bd9f1dfa50e2022-02-14 08:46:35.430root 11241100x80000000000000001750524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3859fca513b16bb72022-02-14 08:46:35.431root 11241100x80000000000000001750525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e63b5cc9e3d6df2022-02-14 08:46:35.431root 11241100x80000000000000001750526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e681b5229720f5f72022-02-14 08:46:35.431root 11241100x80000000000000001750527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59353e8a936d8b592022-02-14 08:46:35.431root 11241100x80000000000000001750528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292f7b03e25456c22022-02-14 08:46:35.431root 11241100x80000000000000001750529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e672fb8df3746f2022-02-14 08:46:35.431root 11241100x80000000000000001750530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cd30b67955635e2022-02-14 08:46:35.431root 11241100x80000000000000001750531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a12f16947b0a482022-02-14 08:46:35.431root 11241100x80000000000000001750532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9be2d2e5dad5cdd2022-02-14 08:46:35.431root 11241100x80000000000000001750533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3bb595ca17c2212022-02-14 08:46:35.431root 11241100x80000000000000001750534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c276769e050d6f12022-02-14 08:46:35.431root 11241100x80000000000000001750535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0081a2da25e7d6952022-02-14 08:46:35.431root 11241100x80000000000000001750536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe1ae2d623b8ca92022-02-14 08:46:35.432root 11241100x80000000000000001750537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2397725ded225ede2022-02-14 08:46:35.432root 11241100x80000000000000001750538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54495891226064f2022-02-14 08:46:35.432root 11241100x80000000000000001750539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eefe102f6d901472022-02-14 08:46:35.432root 11241100x80000000000000001750540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2531527091e3822022-02-14 08:46:35.432root 11241100x80000000000000001750541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc53a2bd9619b1642022-02-14 08:46:35.432root 11241100x80000000000000001750542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f379edca49452f742022-02-14 08:46:35.432root 11241100x80000000000000001750543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3090e3942fdcec072022-02-14 08:46:35.432root 11241100x80000000000000001750544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40db990b00d049b2022-02-14 08:46:35.432root 11241100x80000000000000001750545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769b6117f7f04f2b2022-02-14 08:46:35.432root 11241100x80000000000000001750546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c563effbfd417102022-02-14 08:46:35.433root 11241100x80000000000000001750547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d42a22edaf40d82022-02-14 08:46:35.433root 11241100x80000000000000001750548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf59fe805b9c2b582022-02-14 08:46:35.433root 154100x80000000000000001750549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.803{ec2ab09f-16eb-620a-68b4-eb818e550000}2029/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2ab09f-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}871--- 11241100x80000000000000001750550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.804{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d2842b80f4fbd22022-02-14 08:46:35.804root 11241100x80000000000000001750551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.805{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0806fcba785a843c2022-02-14 08:46:35.805root 11241100x80000000000000001750552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.805{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f264d3e60afe0de82022-02-14 08:46:35.805root 11241100x80000000000000001750553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.805{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf93543e3359caa2022-02-14 08:46:35.805root 11241100x80000000000000001750554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.805{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbd1a8550a5c9712022-02-14 08:46:35.805root 11241100x80000000000000001750555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.805{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9829882b15c834442022-02-14 08:46:35.805root 11241100x80000000000000001750556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.805{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75aa7bda355e511d2022-02-14 08:46:35.805root 11241100x80000000000000001750557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.805{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2411a557f298c5a02022-02-14 08:46:35.805root 11241100x80000000000000001750558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.806{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dbf6f04f4b6cbf2022-02-14 08:46:35.806root 11241100x80000000000000001750559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.806{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0711168574a1f9cf2022-02-14 08:46:35.806root 11241100x80000000000000001750560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.806{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38af79571df1c872022-02-14 08:46:35.806root 11241100x80000000000000001750561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.806{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7faf836c18d4eb2022-02-14 08:46:35.806root 11241100x80000000000000001750562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.807{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64df305fb37853bf2022-02-14 08:46:35.807root 11241100x80000000000000001750563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d89edf6a75155bd2022-02-14 08:46:35.808root 11241100x80000000000000001750564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8f3dab871775b52022-02-14 08:46:35.808root 11241100x80000000000000001750565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f72881d35f6d4b2022-02-14 08:46:35.809root 11241100x80000000000000001750566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c42b7297fb05f122022-02-14 08:46:35.809root 11241100x80000000000000001750567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c6d043c13b5e552022-02-14 08:46:35.811root 11241100x80000000000000001750568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0518ddc09858c1652022-02-14 08:46:35.811root 11241100x80000000000000001750569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74abca3ceb24c1a02022-02-14 08:46:35.811root 11241100x80000000000000001750570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88171c2c00645fd2022-02-14 08:46:35.811root 11241100x80000000000000001750571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2aaf02e65aebcde2022-02-14 08:46:35.811root 11241100x80000000000000001750572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103bd28385a0227d2022-02-14 08:46:35.811root 11241100x80000000000000001750573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7851f7206412f22022-02-14 08:46:35.812root 11241100x80000000000000001750574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b31d878e291de02022-02-14 08:46:35.812root 11241100x80000000000000001750575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941defbc0e8feffd2022-02-14 08:46:35.812root 11241100x80000000000000001750576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bae15def07349c2022-02-14 08:46:35.812root 11241100x80000000000000001750577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcff67b1f6f238762022-02-14 08:46:35.812root 11241100x80000000000000001750578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995cb9dbca017aa52022-02-14 08:46:35.812root 11241100x80000000000000001750579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f576647bd224212022-02-14 08:46:35.812root 11241100x80000000000000001750580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248ce71a82fdd80e2022-02-14 08:46:35.813root 11241100x80000000000000001750581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c86bcca49296732022-02-14 08:46:35.813root 11241100x80000000000000001750582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2427d20deb3c5232022-02-14 08:46:35.813root 11241100x80000000000000001750583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127b5290cdd7ced72022-02-14 08:46:35.815root 534500x80000000000000001750584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:35.821{ec2ab09f-16eb-620a-68b4-eb818e550000}2029/bin/psroot 11241100x80000000000000001750585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173e8a827d0e0bbf2022-02-14 08:46:36.180root 11241100x80000000000000001750586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c91fa7e364959d2022-02-14 08:46:36.181root 11241100x80000000000000001750587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fa0a3ec83a6f342022-02-14 08:46:36.181root 11241100x80000000000000001750588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44182ec897cb9db2022-02-14 08:46:36.181root 11241100x80000000000000001750589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee7fbb9503d2d5c2022-02-14 08:46:36.182root 11241100x80000000000000001750590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0de77628d77f932022-02-14 08:46:36.182root 11241100x80000000000000001750591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c290601950f2d72022-02-14 08:46:36.182root 11241100x80000000000000001750592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0804bea48f9419502022-02-14 08:46:36.182root 11241100x80000000000000001750593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5605625da2556ec32022-02-14 08:46:36.182root 11241100x80000000000000001750594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83a858a8360c2242022-02-14 08:46:36.183root 11241100x80000000000000001750595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e2b29c8dd7945b2022-02-14 08:46:36.183root 11241100x80000000000000001750596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7db1024ca6d19c2022-02-14 08:46:36.183root 11241100x80000000000000001750597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6457eb5d8322f4282022-02-14 08:46:36.183root 11241100x80000000000000001750598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0d9ead4e5e5e202022-02-14 08:46:36.184root 11241100x80000000000000001750599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4209b104be8d0ca2022-02-14 08:46:36.184root 11241100x80000000000000001750600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56383165ebd9b3b02022-02-14 08:46:36.184root 11241100x80000000000000001750601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63782ae1d6f775d2022-02-14 08:46:36.184root 11241100x80000000000000001750602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158845ac7dfa5dd12022-02-14 08:46:36.184root 11241100x80000000000000001750603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fd75a3b15108172022-02-14 08:46:36.185root 11241100x80000000000000001750604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4577ea4eb51a6302022-02-14 08:46:36.185root 11241100x80000000000000001750605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476498cf4e7838a62022-02-14 08:46:36.185root 11241100x80000000000000001750606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b2b3e4b6175bbd2022-02-14 08:46:36.185root 11241100x80000000000000001750607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d212cb5416ff71f2022-02-14 08:46:36.185root 11241100x80000000000000001750608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53af730fce0a34ce2022-02-14 08:46:36.185root 11241100x80000000000000001750609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b7aa94820c73562022-02-14 08:46:36.185root 11241100x80000000000000001750610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a71e99133262e42022-02-14 08:46:36.186root 11241100x80000000000000001750611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d6b3c480b351962022-02-14 08:46:36.186root 11241100x80000000000000001750612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374d5f7e179f650e2022-02-14 08:46:36.186root 11241100x80000000000000001750613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d693a7aa8abb2d2022-02-14 08:46:36.680root 11241100x80000000000000001750614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49ede568eb607752022-02-14 08:46:36.680root 11241100x80000000000000001750615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32502518467d54d2022-02-14 08:46:36.680root 11241100x80000000000000001750616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe25362b21a7959f2022-02-14 08:46:36.680root 11241100x80000000000000001750617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4a95881017106e2022-02-14 08:46:36.680root 11241100x80000000000000001750618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96701fd218e56ec2022-02-14 08:46:36.680root 11241100x80000000000000001750619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fc73bb8775f22b2022-02-14 08:46:36.680root 11241100x80000000000000001750620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901f5e680bdbca722022-02-14 08:46:36.681root 11241100x80000000000000001750621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe4597ac9a8d8e52022-02-14 08:46:36.681root 11241100x80000000000000001750622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4815cdd4635b2c992022-02-14 08:46:36.681root 11241100x80000000000000001750623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c234ca18acc4ee672022-02-14 08:46:36.681root 11241100x80000000000000001750624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78463a642458c2602022-02-14 08:46:36.682root 11241100x80000000000000001750625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4316c4b77b39df2022-02-14 08:46:36.682root 11241100x80000000000000001750626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375dd9736c6b302c2022-02-14 08:46:36.682root 11241100x80000000000000001750627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877e0b0aeff6ffaa2022-02-14 08:46:36.682root 11241100x80000000000000001750628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c052afbff23f9da52022-02-14 08:46:36.682root 11241100x80000000000000001750629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ab8496f8e529922022-02-14 08:46:36.682root 11241100x80000000000000001750630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972900802761ae542022-02-14 08:46:36.682root 11241100x80000000000000001750631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bf9ab4681234da2022-02-14 08:46:36.682root 11241100x80000000000000001750632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed7a1d88da612bd2022-02-14 08:46:36.683root 11241100x80000000000000001750633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc155c08e19b31d72022-02-14 08:46:36.683root 11241100x80000000000000001750634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d2debef8561c962022-02-14 08:46:36.683root 11241100x80000000000000001750635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd95b42f709423092022-02-14 08:46:36.683root 11241100x80000000000000001750636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41cf17eefeb6adf2022-02-14 08:46:36.683root 11241100x80000000000000001750637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e05c40b0975a86a2022-02-14 08:46:36.683root 11241100x80000000000000001750638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a789381e8ac431a2022-02-14 08:46:36.683root 11241100x80000000000000001750639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458c821cb0c950c92022-02-14 08:46:36.683root 11241100x80000000000000001750640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99990edff600d2d2022-02-14 08:46:36.684root 11241100x80000000000000001750641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5d3bf63a35077c2022-02-14 08:46:36.684root 11241100x80000000000000001750642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274da38443e33d332022-02-14 08:46:36.684root 11241100x80000000000000001750643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5a6d1052ccd3482022-02-14 08:46:36.684root 11241100x80000000000000001750644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01efba08ba831aa42022-02-14 08:46:36.684root 11241100x80000000000000001750645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:36.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cf19cbb7d86f732022-02-14 08:46:36.684root 11241100x80000000000000001750646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f7eda578c769072022-02-14 08:46:37.180root 11241100x80000000000000001750647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43166b9df6579a7a2022-02-14 08:46:37.180root 11241100x80000000000000001750648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea68eb53818ff5a02022-02-14 08:46:37.180root 11241100x80000000000000001750649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42e851fa284106e2022-02-14 08:46:37.181root 11241100x80000000000000001750650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488868b828155bed2022-02-14 08:46:37.181root 11241100x80000000000000001750651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2c7b5b269468b62022-02-14 08:46:37.181root 11241100x80000000000000001750652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a556611340013d22022-02-14 08:46:37.181root 11241100x80000000000000001750653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9f8688afdc88c42022-02-14 08:46:37.181root 11241100x80000000000000001750654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06536ec2c193bbe2022-02-14 08:46:37.181root 11241100x80000000000000001750655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c143445ed3b284a2022-02-14 08:46:37.181root 11241100x80000000000000001750656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b12cdd3c13bc052022-02-14 08:46:37.181root 11241100x80000000000000001750657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2b7e13f7f58eae2022-02-14 08:46:37.181root 11241100x80000000000000001750658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541a47e00cf02aed2022-02-14 08:46:37.182root 11241100x80000000000000001750659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232319f39a705fb62022-02-14 08:46:37.182root 11241100x80000000000000001750660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2dedf42f05b6c72022-02-14 08:46:37.182root 11241100x80000000000000001750661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406617bbcde388192022-02-14 08:46:37.182root 11241100x80000000000000001750662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac02a4bbd0b14b72022-02-14 08:46:37.182root 11241100x80000000000000001750663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b187fbf0d851f02022-02-14 08:46:37.182root 11241100x80000000000000001750664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914b327712ee37562022-02-14 08:46:37.182root 11241100x80000000000000001750665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097376104b26c7ce2022-02-14 08:46:37.182root 11241100x80000000000000001750666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6d8bae810f45892022-02-14 08:46:37.182root 11241100x80000000000000001750667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048b3816ffdf396c2022-02-14 08:46:37.183root 11241100x80000000000000001750668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff57d2a7d2a5f6412022-02-14 08:46:37.183root 11241100x80000000000000001750669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec43dc6bde031992022-02-14 08:46:37.183root 11241100x80000000000000001750670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c058118b90b7a9e22022-02-14 08:46:37.183root 11241100x80000000000000001750671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478fdd2e020c6eea2022-02-14 08:46:37.183root 11241100x80000000000000001750672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f39478a78625fc02022-02-14 08:46:37.183root 11241100x80000000000000001750673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b0bf3af6a7843e2022-02-14 08:46:37.183root 11241100x80000000000000001750674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a344a8092aedba12022-02-14 08:46:37.680root 11241100x80000000000000001750675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a0f65171b039a52022-02-14 08:46:37.681root 11241100x80000000000000001750676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b401dd6e20326dcf2022-02-14 08:46:37.681root 11241100x80000000000000001750677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77b6248c526df422022-02-14 08:46:37.681root 11241100x80000000000000001750678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97994553507280752022-02-14 08:46:37.681root 11241100x80000000000000001750679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f619b58ff8580f512022-02-14 08:46:37.682root 11241100x80000000000000001750680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39248994408f30912022-02-14 08:46:37.682root 11241100x80000000000000001750681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed34232a73ea0cd52022-02-14 08:46:37.682root 11241100x80000000000000001750682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbf64d609817a552022-02-14 08:46:37.682root 11241100x80000000000000001750683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0180e8e1e585ae2022-02-14 08:46:37.682root 11241100x80000000000000001750684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bf4ea47774ab862022-02-14 08:46:37.682root 11241100x80000000000000001750685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21353c16ef172702022-02-14 08:46:37.683root 11241100x80000000000000001750686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bf9a9c3e8be6c82022-02-14 08:46:37.683root 11241100x80000000000000001750687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5be188e11d8c8b52022-02-14 08:46:37.683root 11241100x80000000000000001750688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fdbd8b4a3482772022-02-14 08:46:37.683root 11241100x80000000000000001750689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b55bc3770aa78fd2022-02-14 08:46:37.683root 11241100x80000000000000001750690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c431b2bc00bbad02022-02-14 08:46:37.683root 11241100x80000000000000001750691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8455a85ec7862bb92022-02-14 08:46:37.683root 11241100x80000000000000001750692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5df421bd99b9242022-02-14 08:46:37.683root 11241100x80000000000000001750693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e53615edf1015a02022-02-14 08:46:37.683root 11241100x80000000000000001750694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3adc304b359c392022-02-14 08:46:37.684root 11241100x80000000000000001750695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855043e177a645b42022-02-14 08:46:37.684root 11241100x80000000000000001750696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca67545bd15825d32022-02-14 08:46:37.684root 11241100x80000000000000001750697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882fac63d7c2d86b2022-02-14 08:46:37.684root 11241100x80000000000000001750698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3b25fd984f8d9d2022-02-14 08:46:37.684root 11241100x80000000000000001750699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b578ba379fa85d42022-02-14 08:46:37.684root 11241100x80000000000000001750700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146ed9ffa709d8a32022-02-14 08:46:37.684root 11241100x80000000000000001750701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:37.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93322c09028195ae2022-02-14 08:46:37.685root 11241100x80000000000000001750702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b16ecfe7097ee2e2022-02-14 08:46:38.180root 11241100x80000000000000001750703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f36be2678707f02022-02-14 08:46:38.181root 11241100x80000000000000001750704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791b0266587918992022-02-14 08:46:38.181root 11241100x80000000000000001750705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60c927b1d7f2bd42022-02-14 08:46:38.181root 11241100x80000000000000001750706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc5f2ebedc3eae32022-02-14 08:46:38.182root 11241100x80000000000000001750707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaee6faaf02521002022-02-14 08:46:38.182root 11241100x80000000000000001750708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac8a12f57054f2e2022-02-14 08:46:38.182root 11241100x80000000000000001750709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf50cf7b33057e9c2022-02-14 08:46:38.182root 11241100x80000000000000001750710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7115b2921c58dc942022-02-14 08:46:38.182root 11241100x80000000000000001750711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea9fd5e55a32dc42022-02-14 08:46:38.182root 11241100x80000000000000001750712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282fea78b61033b62022-02-14 08:46:38.183root 11241100x80000000000000001750713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f72bf71e6fe22d2022-02-14 08:46:38.183root 11241100x80000000000000001750714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8004923df546ddb2022-02-14 08:46:38.183root 11241100x80000000000000001750715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb17802dd93ec8cf2022-02-14 08:46:38.183root 11241100x80000000000000001750716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f695bd831fb46ec02022-02-14 08:46:38.183root 11241100x80000000000000001750717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f4e48e07896a632022-02-14 08:46:38.183root 11241100x80000000000000001750718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b64a179a3a19cb2022-02-14 08:46:38.183root 11241100x80000000000000001750719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb87b809fe80e362022-02-14 08:46:38.184root 11241100x80000000000000001750720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413b85ffe3440f142022-02-14 08:46:38.184root 11241100x80000000000000001750721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3435412b5e04bfb52022-02-14 08:46:38.184root 11241100x80000000000000001750722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd5bc4ca07a544a2022-02-14 08:46:38.185root 11241100x80000000000000001750723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043cce733221e78c2022-02-14 08:46:38.185root 11241100x80000000000000001750724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f01a614e1a7f5a2022-02-14 08:46:38.185root 11241100x80000000000000001750725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5952407164230df52022-02-14 08:46:38.185root 11241100x80000000000000001750726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66e1230bdb374192022-02-14 08:46:38.185root 11241100x80000000000000001750727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf638e0c38074112022-02-14 08:46:38.185root 11241100x80000000000000001750728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1b4cd9ccd86f192022-02-14 08:46:38.185root 11241100x80000000000000001750729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1466836bbbe4b28e2022-02-14 08:46:38.186root 11241100x80000000000000001750730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb569e758cc5eedc2022-02-14 08:46:38.680root 11241100x80000000000000001750731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dd0bccccae3e022022-02-14 08:46:38.680root 11241100x80000000000000001750732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa490c46cb8d9772022-02-14 08:46:38.680root 11241100x80000000000000001750733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a86eaeabec2c292022-02-14 08:46:38.680root 11241100x80000000000000001750734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7763fd95c46541a2022-02-14 08:46:38.680root 11241100x80000000000000001750735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a883680690baaa2022-02-14 08:46:38.681root 11241100x80000000000000001750736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517ef7911be3543e2022-02-14 08:46:38.681root 11241100x80000000000000001750737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3337d3ed0215cf2022-02-14 08:46:38.681root 11241100x80000000000000001750738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a56c7bfcec7212e2022-02-14 08:46:38.681root 11241100x80000000000000001750739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e234bab17c5d962022-02-14 08:46:38.682root 11241100x80000000000000001750740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585d4ae6499b866d2022-02-14 08:46:38.682root 11241100x80000000000000001750741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdc06ca2981125c2022-02-14 08:46:38.682root 11241100x80000000000000001750742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a8902de604f1d82022-02-14 08:46:38.682root 11241100x80000000000000001750743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff01c0edaa5825f32022-02-14 08:46:38.682root 11241100x80000000000000001750744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4252af16c5372f2022-02-14 08:46:38.682root 11241100x80000000000000001750745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d463ca50ddb3fc2022-02-14 08:46:38.682root 11241100x80000000000000001750746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f555177b4363976d2022-02-14 08:46:38.682root 11241100x80000000000000001750747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394aa208dbf6c5cd2022-02-14 08:46:38.683root 11241100x80000000000000001750748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77b371088e84b112022-02-14 08:46:38.683root 11241100x80000000000000001750749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18086111cde7f1d42022-02-14 08:46:38.683root 11241100x80000000000000001750750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae8a0e2b7e3c5232022-02-14 08:46:38.683root 11241100x80000000000000001750751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29963dc2e4aa5f32022-02-14 08:46:38.683root 11241100x80000000000000001750752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d237b9a24477d42022-02-14 08:46:38.684root 11241100x80000000000000001750753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ccfbc58e9bac9c2022-02-14 08:46:38.684root 11241100x80000000000000001750754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debe00f5815078752022-02-14 08:46:38.684root 11241100x80000000000000001750755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1326b517356d0b5e2022-02-14 08:46:38.684root 11241100x80000000000000001750756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb1ece3b17999732022-02-14 08:46:38.684root 11241100x80000000000000001750757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:38.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0853bd657963984b2022-02-14 08:46:38.685root 11241100x80000000000000001750758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b32d8f13bb9cdd2022-02-14 08:46:39.180root 11241100x80000000000000001750759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5375d69319aa7e682022-02-14 08:46:39.180root 11241100x80000000000000001750760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241c55b31b5064f42022-02-14 08:46:39.180root 11241100x80000000000000001750761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d591f1aceed35882022-02-14 08:46:39.180root 11241100x80000000000000001750762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9e80ebd503d1032022-02-14 08:46:39.180root 11241100x80000000000000001750763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523c708c928725a42022-02-14 08:46:39.180root 11241100x80000000000000001750764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e584c5249ce329232022-02-14 08:46:39.180root 11241100x80000000000000001750765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9091cc924262716b2022-02-14 08:46:39.181root 11241100x80000000000000001750766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73b17d5ed25ba752022-02-14 08:46:39.181root 11241100x80000000000000001750767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3d7c057caad1c02022-02-14 08:46:39.181root 11241100x80000000000000001750768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2e589dba4632362022-02-14 08:46:39.182root 11241100x80000000000000001750769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f74c2bd0ca339a2022-02-14 08:46:39.182root 11241100x80000000000000001750770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a4e6ce51689e802022-02-14 08:46:39.182root 11241100x80000000000000001750771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e6214abcdf9a672022-02-14 08:46:39.182root 11241100x80000000000000001750772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95547ec6db0943272022-02-14 08:46:39.183root 11241100x80000000000000001750773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b531aa2d25dd4602022-02-14 08:46:39.183root 11241100x80000000000000001750774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50b7da1d545f5a92022-02-14 08:46:39.183root 11241100x80000000000000001750775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12857480ec1d00d12022-02-14 08:46:39.183root 11241100x80000000000000001750776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196bddf67de8e3d62022-02-14 08:46:39.183root 11241100x80000000000000001750777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f49fc4e69c03cb32022-02-14 08:46:39.183root 11241100x80000000000000001750778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8235295bcca78f3f2022-02-14 08:46:39.183root 11241100x80000000000000001750779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458e3dad22a586842022-02-14 08:46:39.184root 11241100x80000000000000001750780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818b45dc421859e92022-02-14 08:46:39.184root 11241100x80000000000000001750781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89822ccded362cab2022-02-14 08:46:39.184root 11241100x80000000000000001750782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4a886a80c1a1122022-02-14 08:46:39.184root 11241100x80000000000000001750783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9554304f0991e72022-02-14 08:46:39.184root 11241100x80000000000000001750784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048e4ebf990eb3b22022-02-14 08:46:39.184root 11241100x80000000000000001750785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb2eb767fc5cb272022-02-14 08:46:39.184root 11241100x80000000000000001750786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e169b2b9455005d92022-02-14 08:46:39.185root 11241100x80000000000000001750787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465ecd5ec755a1ca2022-02-14 08:46:39.185root 11241100x80000000000000001750788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c17199661ad8e52022-02-14 08:46:39.186root 11241100x80000000000000001750789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f744b746d7807b1d2022-02-14 08:46:39.186root 11241100x80000000000000001750790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24c891beacc23752022-02-14 08:46:39.680root 11241100x80000000000000001750791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51c56a4136792582022-02-14 08:46:39.680root 11241100x80000000000000001750792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb62333d969ca052022-02-14 08:46:39.681root 11241100x80000000000000001750793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ef996ebf400b942022-02-14 08:46:39.681root 11241100x80000000000000001750794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5f79ae3fa0bc7d2022-02-14 08:46:39.681root 11241100x80000000000000001750795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3364783c57369312022-02-14 08:46:39.681root 11241100x80000000000000001750796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df459b9e82caf61f2022-02-14 08:46:39.681root 11241100x80000000000000001750797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80a7f550363c22b2022-02-14 08:46:39.681root 11241100x80000000000000001750798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4742452528a6fb2022-02-14 08:46:39.681root 11241100x80000000000000001750799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b607f07e2dda06c2022-02-14 08:46:39.681root 11241100x80000000000000001750800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30a613202923aba2022-02-14 08:46:39.681root 11241100x80000000000000001750801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c338fd74d6d0da82022-02-14 08:46:39.682root 11241100x80000000000000001750802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2aac7938f62f3e52022-02-14 08:46:39.682root 11241100x80000000000000001750803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e042f16ad5e92f2022-02-14 08:46:39.682root 11241100x80000000000000001750804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21c01f5da4c6a862022-02-14 08:46:39.682root 11241100x80000000000000001750805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bab102b147eec5b2022-02-14 08:46:39.682root 11241100x80000000000000001750806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7babf7f47abce2fc2022-02-14 08:46:39.682root 11241100x80000000000000001750807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e99ac2d088c6d92022-02-14 08:46:39.683root 11241100x80000000000000001750808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252a707fe06242662022-02-14 08:46:39.683root 11241100x80000000000000001750809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0a45870986f4e72022-02-14 08:46:39.684root 11241100x80000000000000001750810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be430e2e8e7b16562022-02-14 08:46:39.684root 11241100x80000000000000001750811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1271db90d5fbff2022-02-14 08:46:39.684root 11241100x80000000000000001750812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5779fdac05bdf12022-02-14 08:46:39.684root 11241100x80000000000000001750813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31c7e82ee680e042022-02-14 08:46:39.684root 11241100x80000000000000001750814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37faab5dc97264792022-02-14 08:46:39.684root 11241100x80000000000000001750815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ff9adea7a54f3e2022-02-14 08:46:39.684root 11241100x80000000000000001750816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988a360578c7d7c02022-02-14 08:46:39.684root 11241100x80000000000000001750817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:39.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022bfd8847a9eea32022-02-14 08:46:39.685root 11241100x80000000000000001750818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76f40246d2e7c7d2022-02-14 08:46:40.180root 11241100x80000000000000001750819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfe500a075e92cf2022-02-14 08:46:40.181root 11241100x80000000000000001750820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81b168ab35c83f22022-02-14 08:46:40.181root 11241100x80000000000000001750821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587bf8c51aa3d23f2022-02-14 08:46:40.181root 11241100x80000000000000001750822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdd3e30e1e3ac562022-02-14 08:46:40.181root 11241100x80000000000000001750823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6087f3c389a384ad2022-02-14 08:46:40.181root 11241100x80000000000000001750824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02ddb8fb83e5e542022-02-14 08:46:40.181root 11241100x80000000000000001750825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9932b6f3f5107bac2022-02-14 08:46:40.181root 11241100x80000000000000001750826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef5fe4df942d2a32022-02-14 08:46:40.181root 11241100x80000000000000001750827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6aa1229cd524e22022-02-14 08:46:40.182root 11241100x80000000000000001750828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c88858ab7d98f72022-02-14 08:46:40.182root 11241100x80000000000000001750829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb1a9b93428d0672022-02-14 08:46:40.182root 11241100x80000000000000001750830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da75f53746d978c2022-02-14 08:46:40.182root 11241100x80000000000000001750831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00729e68fd9433862022-02-14 08:46:40.182root 11241100x80000000000000001750832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe815fb3da6ad5c2022-02-14 08:46:40.182root 11241100x80000000000000001750833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22294b407bbf25cf2022-02-14 08:46:40.182root 11241100x80000000000000001750834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891adf38c2f6ce2b2022-02-14 08:46:40.182root 11241100x80000000000000001750835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e663ce4f490ce82022-02-14 08:46:40.182root 11241100x80000000000000001750836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac190706af3dccb2022-02-14 08:46:40.182root 11241100x80000000000000001750837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b451309e3efa882b2022-02-14 08:46:40.182root 11241100x80000000000000001750838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225d1602ca5e04e12022-02-14 08:46:40.183root 11241100x80000000000000001750839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67c1f9335222e232022-02-14 08:46:40.183root 11241100x80000000000000001750840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115edde72ab8b9662022-02-14 08:46:40.183root 11241100x80000000000000001750841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3683937e77012a72022-02-14 08:46:40.183root 11241100x80000000000000001750842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3a269f4575bb8c2022-02-14 08:46:40.183root 11241100x80000000000000001750843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea73d255f3498f72022-02-14 08:46:40.183root 11241100x80000000000000001750844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdd9d26ee1dbc672022-02-14 08:46:40.183root 11241100x80000000000000001750845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b73ab45a657f072022-02-14 08:46:40.183root 11241100x80000000000000001750846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.212{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-02-14 08:46:40.212root 11241100x80000000000000001750847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f792b75f6485762022-02-14 08:46:40.683root 11241100x80000000000000001750848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee397442a27c325f2022-02-14 08:46:40.683root 11241100x80000000000000001750849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861ec2c19a1e454e2022-02-14 08:46:40.684root 11241100x80000000000000001750850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad120d61207e5382022-02-14 08:46:40.684root 11241100x80000000000000001750851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70ed96433c87af32022-02-14 08:46:40.684root 11241100x80000000000000001750852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18508a85f999a6b62022-02-14 08:46:40.684root 11241100x80000000000000001750853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4717bf9f6d7856ff2022-02-14 08:46:40.684root 11241100x80000000000000001750854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdacd0e1cd75dc772022-02-14 08:46:40.684root 11241100x80000000000000001750855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65d35137683f0952022-02-14 08:46:40.684root 11241100x80000000000000001750856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5555beee93cb18732022-02-14 08:46:40.684root 11241100x80000000000000001750857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd60a1f72a6d49112022-02-14 08:46:40.684root 11241100x80000000000000001750858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca03a922e12bd0b2022-02-14 08:46:40.685root 11241100x80000000000000001750859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e14e829fb23def82022-02-14 08:46:40.685root 11241100x80000000000000001750860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b14147e814af682022-02-14 08:46:40.685root 11241100x80000000000000001750861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24af1fa288edad82022-02-14 08:46:40.685root 11241100x80000000000000001750862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32b5b81a5fe55092022-02-14 08:46:40.685root 11241100x80000000000000001750863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0958bcf4dec4a2f2022-02-14 08:46:40.685root 11241100x80000000000000001750864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea02db64618dc9272022-02-14 08:46:40.685root 11241100x80000000000000001750865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05a61ab1b4b60d72022-02-14 08:46:40.686root 11241100x80000000000000001750866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10acf5979f2c01042022-02-14 08:46:40.686root 11241100x80000000000000001750867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa309fb58c53e762022-02-14 08:46:40.686root 11241100x80000000000000001750868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832e301a4d5f462a2022-02-14 08:46:40.686root 11241100x80000000000000001750869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4d8b9e17b7e1bf2022-02-14 08:46:40.686root 11241100x80000000000000001750870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4455209b6d663962022-02-14 08:46:40.686root 11241100x80000000000000001750871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181664b86b055d582022-02-14 08:46:40.686root 11241100x80000000000000001750872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367188bfd45cc9082022-02-14 08:46:40.686root 11241100x80000000000000001750873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597c496336983d8c2022-02-14 08:46:40.686root 11241100x80000000000000001750874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b445ef3eed4c48112022-02-14 08:46:40.686root 11241100x80000000000000001750875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:40.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca3499fc4531d4f2022-02-14 08:46:40.686root 354300x80000000000000001750876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.123{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51542-false10.0.1.12-8000- 11241100x80000000000000001750877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e95499e9e3d78c12022-02-14 08:46:41.124root 11241100x80000000000000001750878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021fdd7f8a5a06932022-02-14 08:46:41.124root 11241100x80000000000000001750879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1606b6b3629a54cb2022-02-14 08:46:41.124root 11241100x80000000000000001750880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.124{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c15ec8f56df4c0e2022-02-14 08:46:41.124root 11241100x80000000000000001750881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.125{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffcf82699831ca92022-02-14 08:46:41.125root 11241100x80000000000000001750882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.125{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b27a12272f6bf52022-02-14 08:46:41.125root 11241100x80000000000000001750883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.125{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9343f312cb4604a72022-02-14 08:46:41.125root 11241100x80000000000000001750884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.125{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6a64a3c03b192f2022-02-14 08:46:41.125root 11241100x80000000000000001750885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.126{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3b82def088581d2022-02-14 08:46:41.126root 11241100x80000000000000001750886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca207c470ff93c662022-02-14 08:46:41.128root 11241100x80000000000000001750887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.128{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213ee1e7764adc2d2022-02-14 08:46:41.128root 11241100x80000000000000001750888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.129{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33439f5648348e902022-02-14 08:46:41.129root 11241100x80000000000000001750889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.130{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c3b67e67fca0422022-02-14 08:46:41.130root 11241100x80000000000000001750890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.130{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e25ea59cdfcc63b2022-02-14 08:46:41.130root 11241100x80000000000000001750891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9fa2fd136064a62022-02-14 08:46:41.131root 11241100x80000000000000001750892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5feaf1da7622e92022-02-14 08:46:41.132root 11241100x80000000000000001750893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df92f837e74b17582022-02-14 08:46:41.132root 11241100x80000000000000001750894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d53a8b22463ad182022-02-14 08:46:41.132root 11241100x80000000000000001750895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.133{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2d6f10eb9e072c2022-02-14 08:46:41.133root 11241100x80000000000000001750896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.133{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76853adf725a61e32022-02-14 08:46:41.133root 11241100x80000000000000001750897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.134{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395a0838a12f3ef32022-02-14 08:46:41.134root 11241100x80000000000000001750898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.134{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a35cf33e8624a122022-02-14 08:46:41.134root 11241100x80000000000000001750899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.134{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2469f59df7ffd51d2022-02-14 08:46:41.134root 11241100x80000000000000001750900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.134{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a85bcbae89829322022-02-14 08:46:41.134root 11241100x80000000000000001750901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.134{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7768b6636b69c8992022-02-14 08:46:41.134root 11241100x80000000000000001750902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.134{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be62a2cc6d6828342022-02-14 08:46:41.134root 11241100x80000000000000001750903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.134{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6dd19bb7ccf82c42022-02-14 08:46:41.134root 11241100x80000000000000001750904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.134{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4d5bc73d2611122022-02-14 08:46:41.134root 11241100x80000000000000001750905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.134{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3c5bd806dfbea42022-02-14 08:46:41.134root 11241100x80000000000000001750906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.134{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e33ba33337fb2272022-02-14 08:46:41.134root 11241100x80000000000000001750907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.135{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dfeee9a1bb83762022-02-14 08:46:41.135root 11241100x80000000000000001750908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.135{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c0bf59f37bba972022-02-14 08:46:41.135root 11241100x80000000000000001750909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.135{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe190236f2e39702022-02-14 08:46:41.135root 11241100x80000000000000001750910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.135{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69d69afd0c366032022-02-14 08:46:41.135root 11241100x80000000000000001750911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e52a381ca166e302022-02-14 08:46:41.429root 11241100x80000000000000001750912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adaeed5106810052022-02-14 08:46:41.430root 11241100x80000000000000001750913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3d60e4d5e9065c2022-02-14 08:46:41.430root 11241100x80000000000000001750914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94dd1f03370792132022-02-14 08:46:41.430root 11241100x80000000000000001750915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c002cb9b8755072022-02-14 08:46:41.430root 11241100x80000000000000001750916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8179b6f1f783292022-02-14 08:46:41.430root 11241100x80000000000000001750917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affdc8f065b2363f2022-02-14 08:46:41.430root 11241100x80000000000000001750918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0886f5b80d9b157b2022-02-14 08:46:41.430root 11241100x80000000000000001750919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428406add999d0a52022-02-14 08:46:41.430root 11241100x80000000000000001750920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336c6888e9b863ab2022-02-14 08:46:41.430root 11241100x80000000000000001750921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5ba70599f21b7a2022-02-14 08:46:41.430root 11241100x80000000000000001750922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce07ea223a32a7a22022-02-14 08:46:41.430root 11241100x80000000000000001750923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732e61f6710c69252022-02-14 08:46:41.430root 11241100x80000000000000001750924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a925bc16c36d4652022-02-14 08:46:41.430root 11241100x80000000000000001750925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e21e7743564dd72022-02-14 08:46:41.430root 11241100x80000000000000001750926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f48049e7c2cf9e52022-02-14 08:46:41.431root 11241100x80000000000000001750927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1130b6ce9b243d322022-02-14 08:46:41.431root 11241100x80000000000000001750928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3830d2e07f110d492022-02-14 08:46:41.431root 11241100x80000000000000001750929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4424a82baa8e842022-02-14 08:46:41.431root 11241100x80000000000000001750930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe04aa24dbf01942022-02-14 08:46:41.431root 11241100x80000000000000001750931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb12bdd962b88132022-02-14 08:46:41.431root 11241100x80000000000000001750932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ad7f48a956bb682022-02-14 08:46:41.431root 11241100x80000000000000001750933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9336ae15b86e822022-02-14 08:46:41.431root 11241100x80000000000000001750934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a49e5ffad6f8cf22022-02-14 08:46:41.431root 11241100x80000000000000001750935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e543469a8a41c042022-02-14 08:46:41.431root 11241100x80000000000000001750936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95543c719c0af4e72022-02-14 08:46:41.431root 11241100x80000000000000001750937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a6cecddf29f94a2022-02-14 08:46:41.431root 11241100x80000000000000001750938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e907be5a3383922022-02-14 08:46:41.431root 11241100x80000000000000001750939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63bcb71dd33825092022-02-14 08:46:41.431root 11241100x80000000000000001750940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719c1aa716838bad2022-02-14 08:46:41.431root 11241100x80000000000000001750941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144cbcd5771737492022-02-14 08:46:41.431root 11241100x80000000000000001750942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd3875f1b3d90452022-02-14 08:46:41.432root 11241100x80000000000000001750943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db9f2210e5485222022-02-14 08:46:41.432root 11241100x80000000000000001750944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624af1b567819d6b2022-02-14 08:46:41.432root 11241100x80000000000000001750945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c751dc7a78d3c42022-02-14 08:46:41.432root 11241100x80000000000000001750946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1e089dd3cf64e82022-02-14 08:46:41.432root 11241100x80000000000000001750947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc48f74c3a010c742022-02-14 08:46:41.432root 11241100x80000000000000001750948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1743fb53f208e4e2022-02-14 08:46:41.931root 11241100x80000000000000001750949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7722af144a188a172022-02-14 08:46:41.931root 11241100x80000000000000001750950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8656f3328ebc7b862022-02-14 08:46:41.931root 11241100x80000000000000001750951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab760b2f43e1e93c2022-02-14 08:46:41.931root 11241100x80000000000000001750952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938e31fee07096862022-02-14 08:46:41.931root 11241100x80000000000000001750953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de798d42bfdc698f2022-02-14 08:46:41.931root 11241100x80000000000000001750954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21addb71b8e229e82022-02-14 08:46:41.931root 11241100x80000000000000001750955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102922131c1e92572022-02-14 08:46:41.931root 11241100x80000000000000001750956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5011c217f5f07c192022-02-14 08:46:41.931root 11241100x80000000000000001750957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1021a5cb0c20cdf72022-02-14 08:46:41.931root 11241100x80000000000000001750958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419376d6908b86442022-02-14 08:46:41.931root 11241100x80000000000000001750959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e9b929a0ffb79d2022-02-14 08:46:41.931root 11241100x80000000000000001750960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a484152a9068a9df2022-02-14 08:46:41.931root 11241100x80000000000000001750961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a7b3b79e7ce18f2022-02-14 08:46:41.931root 11241100x80000000000000001750962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b865ccb17b1cf52022-02-14 08:46:41.932root 11241100x80000000000000001750963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395052d4749db0a72022-02-14 08:46:41.932root 11241100x80000000000000001750964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78acf4649984a37b2022-02-14 08:46:41.932root 11241100x80000000000000001750965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234f7ac6948b460a2022-02-14 08:46:41.932root 11241100x80000000000000001750966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41582eb7cfb029ba2022-02-14 08:46:41.932root 11241100x80000000000000001750967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a80049c21a766642022-02-14 08:46:41.932root 11241100x80000000000000001750968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbd0d6a0724acce2022-02-14 08:46:41.932root 11241100x80000000000000001750969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51702a0602c7e9af2022-02-14 08:46:41.932root 11241100x80000000000000001750970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab58048d2ff3ba412022-02-14 08:46:41.932root 11241100x80000000000000001750971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba6019f2ca855152022-02-14 08:46:41.932root 11241100x80000000000000001750972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5937e470e00baba2022-02-14 08:46:41.932root 11241100x80000000000000001750973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc387e3489cb3a942022-02-14 08:46:41.932root 11241100x80000000000000001750974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d313128624c99402022-02-14 08:46:41.932root 11241100x80000000000000001750975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ee01198af574972022-02-14 08:46:41.932root 11241100x80000000000000001750976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8688642dead1b5e52022-02-14 08:46:41.932root 11241100x80000000000000001750977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:41.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b26b4f37e959312022-02-14 08:46:41.933root 11241100x80000000000000001750978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051f83c20cb3f3a12022-02-14 08:46:42.430root 11241100x80000000000000001750979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1eb9a67561a23122022-02-14 08:46:42.431root 11241100x80000000000000001750980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7eae56348f749a12022-02-14 08:46:42.431root 11241100x80000000000000001750981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab6d831e57e8d6f2022-02-14 08:46:42.431root 11241100x80000000000000001750982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864f96985707a5c72022-02-14 08:46:42.431root 11241100x80000000000000001750983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f6b078a4a36c832022-02-14 08:46:42.431root 11241100x80000000000000001750984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a652ab2a288a5b432022-02-14 08:46:42.431root 11241100x80000000000000001750985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b133c72431543c42022-02-14 08:46:42.431root 11241100x80000000000000001750986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b715314f3a3a59eb2022-02-14 08:46:42.431root 11241100x80000000000000001750987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3811ce6166b3312022-02-14 08:46:42.431root 11241100x80000000000000001750988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609580d905b846512022-02-14 08:46:42.431root 11241100x80000000000000001750989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253003f0567c46a12022-02-14 08:46:42.432root 11241100x80000000000000001750990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1ec492af9d10b82022-02-14 08:46:42.432root 11241100x80000000000000001750991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c589842407c64da22022-02-14 08:46:42.432root 11241100x80000000000000001750992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da48870cf0eb92402022-02-14 08:46:42.432root 11241100x80000000000000001750993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e7ddbda36fb1b62022-02-14 08:46:42.432root 11241100x80000000000000001750994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b120fc565ffeca02022-02-14 08:46:42.432root 11241100x80000000000000001750995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3efc5a1a7693f262022-02-14 08:46:42.432root 11241100x80000000000000001750996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93035312a7a3ff12022-02-14 08:46:42.432root 11241100x80000000000000001750997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c215a0704b2ec4932022-02-14 08:46:42.432root 11241100x80000000000000001750998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20685f2186b8e982022-02-14 08:46:42.433root 11241100x80000000000000001750999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc346ef3b15545da2022-02-14 08:46:42.433root 11241100x80000000000000001751000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f48cf9475faf4ca2022-02-14 08:46:42.433root 11241100x80000000000000001751001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23fd8e0d13ac5ea2022-02-14 08:46:42.433root 11241100x80000000000000001751002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59fe21e606f25fe2022-02-14 08:46:42.433root 11241100x80000000000000001751003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5550f345c06965342022-02-14 08:46:42.433root 11241100x80000000000000001751004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7532d29888ef1f52022-02-14 08:46:42.433root 11241100x80000000000000001751005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ba400d7f5840992022-02-14 08:46:42.434root 11241100x80000000000000001751006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230bb45d8068c8b72022-02-14 08:46:42.434root 11241100x80000000000000001751007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a74742411a34da32022-02-14 08:46:42.435root 11241100x80000000000000001751008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f06a2e7096cfc0c2022-02-14 08:46:42.930root 11241100x80000000000000001751009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6af32536f790622022-02-14 08:46:42.930root 11241100x80000000000000001751010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a34fdea22d0acb52022-02-14 08:46:42.930root 11241100x80000000000000001751011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cd6e3ce684ad6a2022-02-14 08:46:42.930root 11241100x80000000000000001751012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092f83f829a389052022-02-14 08:46:42.930root 11241100x80000000000000001751013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9d5b09bbce1ecd2022-02-14 08:46:42.930root 11241100x80000000000000001751014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e727ea09fa7c195e2022-02-14 08:46:42.930root 11241100x80000000000000001751015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ceee3d2a998fa92022-02-14 08:46:42.930root 11241100x80000000000000001751016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fd41d7ce3693fe2022-02-14 08:46:42.930root 11241100x80000000000000001751017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab19aeb9dffaf542022-02-14 08:46:42.930root 11241100x80000000000000001751018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fad0102405e45c2022-02-14 08:46:42.930root 11241100x80000000000000001751019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec8eaf1442cc5bf2022-02-14 08:46:42.931root 11241100x80000000000000001751020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3942a6bb983b16862022-02-14 08:46:42.931root 11241100x80000000000000001751021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6745332a6201632022-02-14 08:46:42.931root 11241100x80000000000000001751022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23f7846ce464c352022-02-14 08:46:42.931root 11241100x80000000000000001751023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8e723b53a5a38e2022-02-14 08:46:42.931root 11241100x80000000000000001751024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b22025a5bec295b2022-02-14 08:46:42.931root 11241100x80000000000000001751025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b0373b286bf7d92022-02-14 08:46:42.932root 11241100x80000000000000001751026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44165992d09ba17b2022-02-14 08:46:42.932root 11241100x80000000000000001751027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c18130c7d531d02022-02-14 08:46:42.932root 11241100x80000000000000001751028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f247c15416231402022-02-14 08:46:42.932root 11241100x80000000000000001751029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1a1b9f1bbcab1e2022-02-14 08:46:42.932root 11241100x80000000000000001751030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c400f8c88c0e46e2022-02-14 08:46:42.932root 11241100x80000000000000001751031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a928ec4f2390d8ff2022-02-14 08:46:42.933root 11241100x80000000000000001751032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1aa96d667dbd6582022-02-14 08:46:42.933root 11241100x80000000000000001751033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b975875675ee922022-02-14 08:46:42.933root 11241100x80000000000000001751034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1aa0986d45613d2022-02-14 08:46:42.933root 11241100x80000000000000001751035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4c9e810c7fd1932022-02-14 08:46:42.933root 11241100x80000000000000001751036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e2d7fcbb56df662022-02-14 08:46:42.934root 11241100x80000000000000001751037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e626e89e28936f52022-02-14 08:46:42.934root 11241100x80000000000000001751038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb00a28958a3fd262022-02-14 08:46:42.934root 11241100x80000000000000001751039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e34ce0ab78605052022-02-14 08:46:42.934root 11241100x80000000000000001751040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720eb1fd0206d05d2022-02-14 08:46:42.934root 11241100x80000000000000001751041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9a045f2114eec32022-02-14 08:46:42.934root 11241100x80000000000000001751042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae25afe1510b75e2022-02-14 08:46:42.935root 11241100x80000000000000001751043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:42.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f715a5a53e20fa9b2022-02-14 08:46:42.935root 23542300x80000000000000001751044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.213{ec2ab09f-1002-620a-3078-922c7d550000}1328root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000001751045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ec51050ea32e472022-02-14 08:46:43.214root 11241100x80000000000000001751046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76319c0122216382022-02-14 08:46:43.214root 11241100x80000000000000001751047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5591577e2bce7fb2022-02-14 08:46:43.214root 11241100x80000000000000001751048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bd92e54b11f8f42022-02-14 08:46:43.214root 11241100x80000000000000001751049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9d1390ee04a05a2022-02-14 08:46:43.214root 11241100x80000000000000001751050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f124ff597dd2212022-02-14 08:46:43.214root 11241100x80000000000000001751051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6df592e9f8ab692022-02-14 08:46:43.215root 11241100x80000000000000001751052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b08a4e1232f1ee72022-02-14 08:46:43.215root 11241100x80000000000000001751053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db035e95ab7dd0a82022-02-14 08:46:43.215root 11241100x80000000000000001751054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94e1712b521de982022-02-14 08:46:43.215root 11241100x80000000000000001751055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c740f5c497dff1512022-02-14 08:46:43.215root 11241100x80000000000000001751056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7684c65f704697a2022-02-14 08:46:43.216root 11241100x80000000000000001751057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2c42eb93c4d49a2022-02-14 08:46:43.216root 11241100x80000000000000001751058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4530f7358d3be30a2022-02-14 08:46:43.216root 11241100x80000000000000001751059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5855497f15a8a92022-02-14 08:46:43.216root 11241100x80000000000000001751060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4530ad2cfb5cee6d2022-02-14 08:46:43.216root 11241100x80000000000000001751061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.217{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b238dbaf5b1c642022-02-14 08:46:43.217root 11241100x80000000000000001751062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.218{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82afb93ca7e312b2022-02-14 08:46:43.218root 11241100x80000000000000001751063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.218{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea70a92846b2e0e2022-02-14 08:46:43.218root 11241100x80000000000000001751064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.218{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6abe23cd240acff2022-02-14 08:46:43.218root 11241100x80000000000000001751065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.218{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16028cdee9328d552022-02-14 08:46:43.218root 11241100x80000000000000001751066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.218{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f526cad6965b71e32022-02-14 08:46:43.218root 11241100x80000000000000001751067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.218{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4cd257874838262022-02-14 08:46:43.218root 11241100x80000000000000001751068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.218{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36289038d49cf1b52022-02-14 08:46:43.218root 11241100x80000000000000001751069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.219{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066b2a7ed51c30f92022-02-14 08:46:43.219root 11241100x80000000000000001751070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.219{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65856b9f794d28a2022-02-14 08:46:43.219root 11241100x80000000000000001751071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.219{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249929fec67f0d192022-02-14 08:46:43.219root 11241100x80000000000000001751072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.219{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc61d68e9d92d7f62022-02-14 08:46:43.219root 11241100x80000000000000001751073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.219{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37fb9690d62b9492022-02-14 08:46:43.219root 11241100x80000000000000001751074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.220{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757ec60ce43a2faf2022-02-14 08:46:43.220root 11241100x80000000000000001751075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9ec0d2d0c7489e2022-02-14 08:46:43.222root 11241100x80000000000000001751076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1d6cd62de7f4812022-02-14 08:46:43.222root 11241100x80000000000000001751077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb762681a946a9cc2022-02-14 08:46:43.222root 11241100x80000000000000001751078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0e4aff7823a7192022-02-14 08:46:43.222root 11241100x80000000000000001751079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.223{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098506905631276c2022-02-14 08:46:43.223root 11241100x80000000000000001751080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.223{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57467e1a5bea91d2022-02-14 08:46:43.223root 11241100x80000000000000001751081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.223{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48167cdee55e8fe82022-02-14 08:46:43.223root 11241100x80000000000000001751082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.223{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3978c85d6ca7bd92022-02-14 08:46:43.223root 11241100x80000000000000001751083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.224{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc49cd7abc9bbf02022-02-14 08:46:43.224root 11241100x80000000000000001751084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1cd9165911e5612022-02-14 08:46:43.680root 11241100x80000000000000001751085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43ebc32d28c2e392022-02-14 08:46:43.680root 11241100x80000000000000001751086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba42214935023bbe2022-02-14 08:46:43.680root 11241100x80000000000000001751087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1607faa2418db0fe2022-02-14 08:46:43.680root 11241100x80000000000000001751088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c95739bc3243212022-02-14 08:46:43.680root 11241100x80000000000000001751089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cd1ae5402b3d112022-02-14 08:46:43.680root 11241100x80000000000000001751090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789f95dd58c71cb62022-02-14 08:46:43.680root 11241100x80000000000000001751091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aedddb9236cdf272022-02-14 08:46:43.681root 11241100x80000000000000001751092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fad5e3b3c95b832022-02-14 08:46:43.681root 11241100x80000000000000001751093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae5ae9f3703be902022-02-14 08:46:43.681root 11241100x80000000000000001751094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faedf00e1b39ea092022-02-14 08:46:43.681root 11241100x80000000000000001751095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3733260cb1392b902022-02-14 08:46:43.681root 11241100x80000000000000001751096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902dfdfa6fe0e04b2022-02-14 08:46:43.681root 11241100x80000000000000001751097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a06aacaffb8c9e2022-02-14 08:46:43.681root 11241100x80000000000000001751098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e284a3c49c782b902022-02-14 08:46:43.681root 11241100x80000000000000001751099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbe11af2b2956ce2022-02-14 08:46:43.681root 11241100x80000000000000001751100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5c9049dadb46882022-02-14 08:46:43.681root 11241100x80000000000000001751101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb176eaae7a1c152022-02-14 08:46:43.681root 11241100x80000000000000001751102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c73b1c812d899b2022-02-14 08:46:43.681root 11241100x80000000000000001751103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d484c600a2746f2022-02-14 08:46:43.681root 11241100x80000000000000001751104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc8a94cffe5f19e2022-02-14 08:46:43.681root 11241100x80000000000000001751105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed99e8b757811d322022-02-14 08:46:43.681root 11241100x80000000000000001751106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf74ba69d07c23b02022-02-14 08:46:43.682root 11241100x80000000000000001751107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fad7d04865bfde2022-02-14 08:46:43.682root 11241100x80000000000000001751108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e793dc5c61c9f2a2022-02-14 08:46:43.682root 11241100x80000000000000001751109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171de8e44f4500fb2022-02-14 08:46:43.682root 11241100x80000000000000001751110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc209024b1a17a22022-02-14 08:46:43.682root 11241100x80000000000000001751111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d96287e2fa86992022-02-14 08:46:43.682root 11241100x80000000000000001751112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2da156302612442022-02-14 08:46:43.682root 11241100x80000000000000001751113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbd2f5dd32a3c7e2022-02-14 08:46:43.682root 11241100x80000000000000001751114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55353ed893044a32022-02-14 08:46:43.682root 11241100x80000000000000001751115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:43.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce64f0d6231351532022-02-14 08:46:43.682root 11241100x80000000000000001751116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1637a4e0f2091e872022-02-14 08:46:44.180root 11241100x80000000000000001751117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e14c29a6cfaa8152022-02-14 08:46:44.180root 11241100x80000000000000001751118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa02f67124aa2d62022-02-14 08:46:44.180root 11241100x80000000000000001751119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39defce194c683302022-02-14 08:46:44.180root 11241100x80000000000000001751120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9bc97a608d50a42022-02-14 08:46:44.180root 11241100x80000000000000001751121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0a992d7738c1472022-02-14 08:46:44.180root 11241100x80000000000000001751122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ab5579308b3bfe2022-02-14 08:46:44.180root 11241100x80000000000000001751123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed65ddd601e87a82022-02-14 08:46:44.180root 11241100x80000000000000001751124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9df644a89501e52022-02-14 08:46:44.180root 11241100x80000000000000001751125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f640a22a6c08cc82022-02-14 08:46:44.180root 11241100x80000000000000001751126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0dfd60399293d62022-02-14 08:46:44.180root 11241100x80000000000000001751127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82dd6d8917018efd2022-02-14 08:46:44.180root 11241100x80000000000000001751128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ce48c661e501c82022-02-14 08:46:44.180root 11241100x80000000000000001751129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58068933cddbb8f2022-02-14 08:46:44.181root 11241100x80000000000000001751130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8b14b27d4a39e72022-02-14 08:46:44.181root 11241100x80000000000000001751131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7922ca7c251c40782022-02-14 08:46:44.181root 11241100x80000000000000001751132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a3d7cfa1d365712022-02-14 08:46:44.181root 11241100x80000000000000001751133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826a800839a0614f2022-02-14 08:46:44.181root 11241100x80000000000000001751134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb5330546ec712b2022-02-14 08:46:44.181root 11241100x80000000000000001751135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f5f21da590a8ad2022-02-14 08:46:44.181root 11241100x80000000000000001751136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7229e1c29b0c00b82022-02-14 08:46:44.181root 11241100x80000000000000001751137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a80de5430775f12022-02-14 08:46:44.181root 11241100x80000000000000001751138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b45a1f95c8fc3da2022-02-14 08:46:44.181root 11241100x80000000000000001751139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d84292f5d2cd7ed2022-02-14 08:46:44.181root 11241100x80000000000000001751140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6366cafc66e2e12022-02-14 08:46:44.181root 11241100x80000000000000001751141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651bbb4b96c281d22022-02-14 08:46:44.181root 11241100x80000000000000001751142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58021214e5ece8f62022-02-14 08:46:44.182root 11241100x80000000000000001751143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4a51f6b65ef8752022-02-14 08:46:44.182root 11241100x80000000000000001751144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adce15aab0d442392022-02-14 08:46:44.182root 11241100x80000000000000001751145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896f701fc1f639752022-02-14 08:46:44.182root 11241100x80000000000000001751146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a028d96e58d5202022-02-14 08:46:44.182root 11241100x80000000000000001751147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d56c02f389b72052022-02-14 08:46:44.680root 11241100x80000000000000001751148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677a71b9e7622c332022-02-14 08:46:44.680root 11241100x80000000000000001751149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3800274f6402462022-02-14 08:46:44.680root 11241100x80000000000000001751150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa655c1dbe45d0c2022-02-14 08:46:44.680root 11241100x80000000000000001751151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a1db33a11023892022-02-14 08:46:44.680root 11241100x80000000000000001751152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdb685a5dc5757c2022-02-14 08:46:44.680root 11241100x80000000000000001751153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cac58e0edb4d40d2022-02-14 08:46:44.680root 11241100x80000000000000001751154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5b1de5a597e5d02022-02-14 08:46:44.680root 11241100x80000000000000001751155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66183803babe74c2022-02-14 08:46:44.680root 11241100x80000000000000001751156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d305e24df533852022-02-14 08:46:44.680root 11241100x80000000000000001751157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5398256ac5f05e9f2022-02-14 08:46:44.681root 11241100x80000000000000001751158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895fb6d342f9340b2022-02-14 08:46:44.681root 11241100x80000000000000001751159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205df0fe6cb7f3e02022-02-14 08:46:44.681root 11241100x80000000000000001751160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4550fcd723170342022-02-14 08:46:44.681root 11241100x80000000000000001751161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e545295b4d58562022-02-14 08:46:44.681root 11241100x80000000000000001751162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1c5ccd36a860f12022-02-14 08:46:44.681root 11241100x80000000000000001751163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb02624fa6131e02022-02-14 08:46:44.681root 11241100x80000000000000001751164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce8ebee588284d72022-02-14 08:46:44.681root 11241100x80000000000000001751165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f55958d509410762022-02-14 08:46:44.681root 11241100x80000000000000001751166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349a8e8554534a2c2022-02-14 08:46:44.681root 11241100x80000000000000001751167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5368899a1a72b0652022-02-14 08:46:44.681root 11241100x80000000000000001751168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55255218f4d7e2042022-02-14 08:46:44.681root 11241100x80000000000000001751169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31aff963b1e040552022-02-14 08:46:44.681root 11241100x80000000000000001751170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae9f6a95f3978c72022-02-14 08:46:44.681root 11241100x80000000000000001751171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204882e54f112af22022-02-14 08:46:44.682root 11241100x80000000000000001751172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c21ed6eb0fdf2da2022-02-14 08:46:44.682root 11241100x80000000000000001751173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46fc088f0d0f61c2022-02-14 08:46:44.682root 11241100x80000000000000001751174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d942e54851ba478b2022-02-14 08:46:44.682root 11241100x80000000000000001751175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5a35ee79397aac2022-02-14 08:46:44.682root 11241100x80000000000000001751176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c11c0d7a119a8262022-02-14 08:46:44.682root 11241100x80000000000000001751177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fe83964807751d2022-02-14 08:46:44.682root 11241100x80000000000000001751178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9da6fae2987f0702022-02-14 08:46:44.682root 11241100x80000000000000001751179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a4812920f6a5bd2022-02-14 08:46:44.682root 11241100x80000000000000001751180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:44.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f2f826136489182022-02-14 08:46:44.682root 11241100x80000000000000001751181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef34321931957a62022-02-14 08:46:45.180root 11241100x80000000000000001751182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82149203ce3c9b482022-02-14 08:46:45.180root 11241100x80000000000000001751183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3167ab21a576cc2022-02-14 08:46:45.180root 11241100x80000000000000001751184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ce60a63dd399ee2022-02-14 08:46:45.180root 11241100x80000000000000001751185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b889978edddbb43c2022-02-14 08:46:45.180root 11241100x80000000000000001751186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9955a37245c906c2022-02-14 08:46:45.180root 11241100x80000000000000001751187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0dd39a5c17986f2022-02-14 08:46:45.180root 11241100x80000000000000001751188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4766d2e8f11ef272022-02-14 08:46:45.180root 11241100x80000000000000001751189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651de1d2d32dcaf92022-02-14 08:46:45.180root 11241100x80000000000000001751190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad3440f775feed82022-02-14 08:46:45.180root 11241100x80000000000000001751191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a1a1d841d484c72022-02-14 08:46:45.181root 11241100x80000000000000001751192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640be6fd4ff1b48a2022-02-14 08:46:45.181root 11241100x80000000000000001751193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005f134e542631512022-02-14 08:46:45.181root 11241100x80000000000000001751194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ba8a90ba23914f2022-02-14 08:46:45.181root 11241100x80000000000000001751195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5480df5ef3bb72162022-02-14 08:46:45.181root 11241100x80000000000000001751196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e95485872a0ffd12022-02-14 08:46:45.181root 11241100x80000000000000001751197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3135fe6cad8cc172022-02-14 08:46:45.181root 11241100x80000000000000001751198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e019fb01e45ed3b2022-02-14 08:46:45.181root 11241100x80000000000000001751199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672775aca51c74ed2022-02-14 08:46:45.181root 11241100x80000000000000001751200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6355343d8456b2d2022-02-14 08:46:45.181root 11241100x80000000000000001751201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ca93977a68a8072022-02-14 08:46:45.181root 11241100x80000000000000001751202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceea1f32b769142b2022-02-14 08:46:45.181root 11241100x80000000000000001751203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12b053831132fb42022-02-14 08:46:45.181root 11241100x80000000000000001751204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6534156f3434f8842022-02-14 08:46:45.181root 11241100x80000000000000001751205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458370f248918b992022-02-14 08:46:45.182root 11241100x80000000000000001751206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a01d63883945e52022-02-14 08:46:45.182root 11241100x80000000000000001751207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc2dd37f106b3302022-02-14 08:46:45.182root 11241100x80000000000000001751208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5616c2f20138109f2022-02-14 08:46:45.182root 11241100x80000000000000001751209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108462cd72f8b1632022-02-14 08:46:45.182root 11241100x80000000000000001751210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e7bb761050fc752022-02-14 08:46:45.182root 11241100x80000000000000001751211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fefb28e2daf1a12022-02-14 08:46:45.182root 11241100x80000000000000001751212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9649c14041710da22022-02-14 08:46:45.681root 11241100x80000000000000001751213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822d07bd7afa54662022-02-14 08:46:45.681root 11241100x80000000000000001751214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e51a6b561d6a6c2022-02-14 08:46:45.681root 11241100x80000000000000001751215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca75dccfdd2072e2022-02-14 08:46:45.681root 11241100x80000000000000001751216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5c506beaefbe9d2022-02-14 08:46:45.681root 11241100x80000000000000001751217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61413c59723f89702022-02-14 08:46:45.681root 11241100x80000000000000001751218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288af1a4b1fe90a12022-02-14 08:46:45.681root 11241100x80000000000000001751219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28637c4de70e5a02022-02-14 08:46:45.681root 11241100x80000000000000001751220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f57fa33a2f2b5e2022-02-14 08:46:45.681root 11241100x80000000000000001751221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25109a1632f524982022-02-14 08:46:45.681root 11241100x80000000000000001751222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25237b89db7ca852022-02-14 08:46:45.681root 11241100x80000000000000001751223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3359a2fd32e6e91d2022-02-14 08:46:45.681root 11241100x80000000000000001751224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d372e4b50260de42022-02-14 08:46:45.682root 11241100x80000000000000001751225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88030068365bf0882022-02-14 08:46:45.682root 11241100x80000000000000001751226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801fad91f6bba6712022-02-14 08:46:45.682root 11241100x80000000000000001751227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8374ed02af9dd932022-02-14 08:46:45.682root 11241100x80000000000000001751228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c2dd7157e13c922022-02-14 08:46:45.682root 11241100x80000000000000001751229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfbad449ca649052022-02-14 08:46:45.682root 11241100x80000000000000001751230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff4d62dcf4f48b32022-02-14 08:46:45.682root 11241100x80000000000000001751231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873e5f1cdbde09962022-02-14 08:46:45.682root 11241100x80000000000000001751232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb4d522554467632022-02-14 08:46:45.682root 11241100x80000000000000001751233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffae39ebf3fdff82022-02-14 08:46:45.682root 11241100x80000000000000001751234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2329c712d772d02b2022-02-14 08:46:45.683root 11241100x80000000000000001751235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97c24aa19f061c72022-02-14 08:46:45.683root 11241100x80000000000000001751236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc39f83e333cc002022-02-14 08:46:45.683root 11241100x80000000000000001751237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc1876560add1962022-02-14 08:46:45.683root 11241100x80000000000000001751238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77ce618caff1d912022-02-14 08:46:45.683root 11241100x80000000000000001751239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033ad9b038306eca2022-02-14 08:46:45.683root 11241100x80000000000000001751240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e3c80d98cd03c82022-02-14 08:46:45.683root 11241100x80000000000000001751241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7ad98308e3e3922022-02-14 08:46:45.683root 11241100x80000000000000001751242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:45.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67822cbb47b36a72022-02-14 08:46:45.683root 354300x80000000000000001751243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.161{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51544-false10.0.1.12-8000- 11241100x80000000000000001751244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.162{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9cb571caddf91f2022-02-14 08:46:46.162root 11241100x80000000000000001751245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.162{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808eb57125e32ffc2022-02-14 08:46:46.162root 11241100x80000000000000001751246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.163{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daa59eff555eca02022-02-14 08:46:46.163root 11241100x80000000000000001751247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.163{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9860e12fd28aea02022-02-14 08:46:46.163root 11241100x80000000000000001751248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.163{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb2b69df0fc183d2022-02-14 08:46:46.163root 11241100x80000000000000001751249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.164{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a23622ce6d789fa2022-02-14 08:46:46.164root 11241100x80000000000000001751250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.164{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52786787bf54dd252022-02-14 08:46:46.164root 11241100x80000000000000001751251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.164{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c4851fe6fb28582022-02-14 08:46:46.164root 11241100x80000000000000001751252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.165{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed820745b13e6cd2022-02-14 08:46:46.165root 11241100x80000000000000001751253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.166{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7c8837bd6cf8cb2022-02-14 08:46:46.166root 11241100x80000000000000001751254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.166{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062272759ded33ad2022-02-14 08:46:46.166root 11241100x80000000000000001751255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.166{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7b4b6ff96ecfba2022-02-14 08:46:46.166root 11241100x80000000000000001751256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.166{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9076707ac91e762022-02-14 08:46:46.166root 11241100x80000000000000001751257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.166{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bb78ca697a275b2022-02-14 08:46:46.166root 11241100x80000000000000001751258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.166{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97959afb588e94e2022-02-14 08:46:46.166root 11241100x80000000000000001751259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.166{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a9b808558440492022-02-14 08:46:46.166root 11241100x80000000000000001751260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.166{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9332e3597e167172022-02-14 08:46:46.166root 11241100x80000000000000001751261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.166{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e65e41105add662022-02-14 08:46:46.166root 11241100x80000000000000001751262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.166{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8919297037cf7def2022-02-14 08:46:46.166root 11241100x80000000000000001751263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.167{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6d611be5b9c56a2022-02-14 08:46:46.167root 11241100x80000000000000001751264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.167{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f458151a8485faab2022-02-14 08:46:46.167root 11241100x80000000000000001751265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.167{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec67cc5d143648e2022-02-14 08:46:46.167root 11241100x80000000000000001751266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.167{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f22b2fa133e7c9a2022-02-14 08:46:46.167root 11241100x80000000000000001751267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.167{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b763eb9a70d5d92022-02-14 08:46:46.167root 11241100x80000000000000001751268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.167{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfacde7889aeca72022-02-14 08:46:46.167root 11241100x80000000000000001751269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.167{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b1830b9fc83df12022-02-14 08:46:46.167root 11241100x80000000000000001751270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.167{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea5739f9e0208c12022-02-14 08:46:46.167root 11241100x80000000000000001751271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.167{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd90d4848dc1e7212022-02-14 08:46:46.167root 11241100x80000000000000001751272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.167{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ed2d8a0ecda54c2022-02-14 08:46:46.167root 11241100x80000000000000001751273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.168{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23374c5c8045c64b2022-02-14 08:46:46.168root 11241100x80000000000000001751274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.168{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c00b41647d051412022-02-14 08:46:46.168root 11241100x80000000000000001751275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.168{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddf9a09a78e16a52022-02-14 08:46:46.168root 11241100x80000000000000001751276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.168{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78b5fc6c5ab6f0d2022-02-14 08:46:46.168root 11241100x80000000000000001751277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.168{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f11955b2d62fd792022-02-14 08:46:46.168root 11241100x80000000000000001751278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.168{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9455062d0d89d49a2022-02-14 08:46:46.168root 11241100x80000000000000001751279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.168{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e5ec6241de3d732022-02-14 08:46:46.168root 11241100x80000000000000001751280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256ee824edec1edf2022-02-14 08:46:46.430root 11241100x80000000000000001751281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1805ab78e753e4ab2022-02-14 08:46:46.431root 11241100x80000000000000001751282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171e700b664de04d2022-02-14 08:46:46.432root 11241100x80000000000000001751283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d48586e6a6884f52022-02-14 08:46:46.432root 11241100x80000000000000001751284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3622f9866cf5f6f22022-02-14 08:46:46.433root 11241100x80000000000000001751285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfc78a5e84dbe2e2022-02-14 08:46:46.433root 11241100x80000000000000001751286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86bcc7ba083f78322022-02-14 08:46:46.433root 11241100x80000000000000001751287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c9cf0f7f6db2d52022-02-14 08:46:46.434root 11241100x80000000000000001751288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c89f9ef433d11a2022-02-14 08:46:46.434root 11241100x80000000000000001751289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc141636d4059d9e2022-02-14 08:46:46.434root 11241100x80000000000000001751290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7e9d07eb073e172022-02-14 08:46:46.435root 11241100x80000000000000001751291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e2847656eeeb162022-02-14 08:46:46.435root 11241100x80000000000000001751292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5803b384b4db5e2022-02-14 08:46:46.436root 11241100x80000000000000001751293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4717fbd6333043e92022-02-14 08:46:46.436root 11241100x80000000000000001751294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edca0fdf98a56a022022-02-14 08:46:46.436root 11241100x80000000000000001751295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695fcc3ae7c2e21b2022-02-14 08:46:46.437root 11241100x80000000000000001751296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599c31c0f321cefa2022-02-14 08:46:46.437root 11241100x80000000000000001751297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa121472042a18d2022-02-14 08:46:46.437root 11241100x80000000000000001751298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ec09b3be18e5f72022-02-14 08:46:46.438root 11241100x80000000000000001751299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a778b273fcb0bf2022-02-14 08:46:46.438root 11241100x80000000000000001751300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9323440f6aa766a12022-02-14 08:46:46.438root 11241100x80000000000000001751301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3948d946876e5ad2022-02-14 08:46:46.439root 11241100x80000000000000001751302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2be06c9c0c7af22022-02-14 08:46:46.439root 11241100x80000000000000001751303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0e6dd06da0d7fc2022-02-14 08:46:46.439root 11241100x80000000000000001751304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54eb1a4d2e992b082022-02-14 08:46:46.439root 11241100x80000000000000001751305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5800ccd54ba5d9b32022-02-14 08:46:46.440root 11241100x80000000000000001751306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7aed8d8c7575aa92022-02-14 08:46:46.440root 11241100x80000000000000001751307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932d09a6b8e7609f2022-02-14 08:46:46.440root 11241100x80000000000000001751308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b333ec35c4014e2022-02-14 08:46:46.440root 11241100x80000000000000001751309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24d428c10ed5c722022-02-14 08:46:46.441root 11241100x80000000000000001751310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7023e98d9da0281d2022-02-14 08:46:46.441root 11241100x80000000000000001751311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fd2c8a94f10d782022-02-14 08:46:46.441root 11241100x80000000000000001751312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc6aa1fc5c95d022022-02-14 08:46:46.930root 11241100x80000000000000001751313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661326d27391ff1a2022-02-14 08:46:46.930root 11241100x80000000000000001751314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df57f29dfebfb032022-02-14 08:46:46.930root 11241100x80000000000000001751315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8a61c3e0f2410a2022-02-14 08:46:46.930root 11241100x80000000000000001751316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebc822fe50ef6992022-02-14 08:46:46.930root 11241100x80000000000000001751317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9a0048f336d9422022-02-14 08:46:46.930root 11241100x80000000000000001751318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2381387642ce832022-02-14 08:46:46.930root 11241100x80000000000000001751319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bf52d1c55bed462022-02-14 08:46:46.931root 11241100x80000000000000001751320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09875c5f62ed932a2022-02-14 08:46:46.931root 11241100x80000000000000001751321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf1bbad1962e04e2022-02-14 08:46:46.931root 11241100x80000000000000001751322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342cdc3276c557c62022-02-14 08:46:46.931root 11241100x80000000000000001751323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8179b6f321be8232022-02-14 08:46:46.932root 11241100x80000000000000001751324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb653153bd704a02022-02-14 08:46:46.932root 11241100x80000000000000001751325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a67a0e6c007556f2022-02-14 08:46:46.932root 11241100x80000000000000001751326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecba248d6357cee2022-02-14 08:46:46.933root 11241100x80000000000000001751327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcea02b3b36733682022-02-14 08:46:46.933root 11241100x80000000000000001751328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975d688c235257ad2022-02-14 08:46:46.934root 11241100x80000000000000001751329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef51710ed6fde412022-02-14 08:46:46.934root 11241100x80000000000000001751330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e16b8b916c19b462022-02-14 08:46:46.934root 11241100x80000000000000001751331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bba27c696ba10022022-02-14 08:46:46.934root 11241100x80000000000000001751332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfec7c1af18a1cb2022-02-14 08:46:46.935root 11241100x80000000000000001751333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2296073cbf471ff42022-02-14 08:46:46.936root 11241100x80000000000000001751334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aefbd5d3124a5ad2022-02-14 08:46:46.936root 11241100x80000000000000001751335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809940fea97efb9b2022-02-14 08:46:46.936root 11241100x80000000000000001751336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d187c37de9f419f2022-02-14 08:46:46.936root 11241100x80000000000000001751337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf1fd7c7344aae62022-02-14 08:46:46.936root 11241100x80000000000000001751338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f8376c54ea05852022-02-14 08:46:46.937root 11241100x80000000000000001751339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7d0a327a628d0a2022-02-14 08:46:46.937root 11241100x80000000000000001751340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa837cb45afb0ae02022-02-14 08:46:46.937root 11241100x80000000000000001751341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9c97a4f438768d2022-02-14 08:46:46.937root 11241100x80000000000000001751342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126fd6c2235ceb552022-02-14 08:46:46.937root 11241100x80000000000000001751343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a69d1a75908d4342022-02-14 08:46:46.937root 11241100x80000000000000001751344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3162a126f98920ad2022-02-14 08:46:46.937root 11241100x80000000000000001751345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cfbfe225dc13d02022-02-14 08:46:46.937root 11241100x80000000000000001751346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7418a60a0679cb802022-02-14 08:46:46.937root 11241100x80000000000000001751347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d89e147fa1e33d62022-02-14 08:46:46.938root 11241100x80000000000000001751348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7394fac664438a2022-02-14 08:46:46.938root 11241100x80000000000000001751349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3909e8a38e6d1632022-02-14 08:46:46.938root 11241100x80000000000000001751350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681eea8ba5a9748a2022-02-14 08:46:46.938root 11241100x80000000000000001751351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b726c1894d11682022-02-14 08:46:46.938root 11241100x80000000000000001751352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dba902c08b35bce2022-02-14 08:46:46.938root 11241100x80000000000000001751353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3955f988f935c23c2022-02-14 08:46:46.938root 11241100x80000000000000001751354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0de6256b0b41192022-02-14 08:46:46.938root 11241100x80000000000000001751355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406b13aa55a95f032022-02-14 08:46:46.938root 11241100x80000000000000001751356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66a83d28f4dfb672022-02-14 08:46:46.938root 11241100x80000000000000001751357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9738796c5e9394882022-02-14 08:46:46.939root 11241100x80000000000000001751358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:46.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ea0a14fb44f8632022-02-14 08:46:46.939root 11241100x80000000000000001751359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6151e2f616d519f2022-02-14 08:46:47.430root 11241100x80000000000000001751360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c4b79960a00df22022-02-14 08:46:47.430root 11241100x80000000000000001751361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad57767ff56398ae2022-02-14 08:46:47.430root 11241100x80000000000000001751362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13476f7526798e102022-02-14 08:46:47.430root 11241100x80000000000000001751363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd2e679d01f31b92022-02-14 08:46:47.431root 11241100x80000000000000001751364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b7b02bc7abc9042022-02-14 08:46:47.431root 11241100x80000000000000001751365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0339513492968ad42022-02-14 08:46:47.431root 11241100x80000000000000001751366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4136010eff0cf02022-02-14 08:46:47.431root 11241100x80000000000000001751367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1e9d90e67641082022-02-14 08:46:47.431root 11241100x80000000000000001751368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac2aba8300e8f952022-02-14 08:46:47.432root 11241100x80000000000000001751369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87635446c93df3ad2022-02-14 08:46:47.432root 11241100x80000000000000001751370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63366e06548de4ac2022-02-14 08:46:47.432root 11241100x80000000000000001751371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9a0de2b82df0932022-02-14 08:46:47.432root 11241100x80000000000000001751372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5782fd0a98c04a2022-02-14 08:46:47.432root 11241100x80000000000000001751373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4126da1d42bdc6a92022-02-14 08:46:47.432root 11241100x80000000000000001751374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6b3f268c1bf85e2022-02-14 08:46:47.432root 11241100x80000000000000001751375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab87ab5ebfb5e6f02022-02-14 08:46:47.432root 11241100x80000000000000001751376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a321c7653b27c0e12022-02-14 08:46:47.432root 11241100x80000000000000001751377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb2728ad9a7ff2d2022-02-14 08:46:47.433root 11241100x80000000000000001751378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b594f5ad4b67ab82022-02-14 08:46:47.433root 11241100x80000000000000001751379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4817678762e8b5f02022-02-14 08:46:47.433root 11241100x80000000000000001751380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad767f561753be542022-02-14 08:46:47.433root 11241100x80000000000000001751381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f153dc87e8cebe2022-02-14 08:46:47.433root 11241100x80000000000000001751382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf6e9e9756ab5432022-02-14 08:46:47.433root 11241100x80000000000000001751383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27426a0ccab5eb242022-02-14 08:46:47.433root 11241100x80000000000000001751384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac78fd927f6578742022-02-14 08:46:47.433root 11241100x80000000000000001751385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6102803ce46e1e462022-02-14 08:46:47.434root 11241100x80000000000000001751386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8974f608f14da8bd2022-02-14 08:46:47.434root 11241100x80000000000000001751387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd72f9f2456782912022-02-14 08:46:47.434root 11241100x80000000000000001751388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc517caa35983ee2022-02-14 08:46:47.434root 11241100x80000000000000001751389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701274b32abcefb72022-02-14 08:46:47.434root 11241100x80000000000000001751390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4476205a5f82d72022-02-14 08:46:47.434root 154100x80000000000000001751391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.581{ec2ab09f-16f7-620a-08ee-c4f8e9550000}2030/usr/bin/sudo-----sudo nano net_dis.sh/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{ec2ab09f-1691-620a-0814-31b1c5550000}2004/bin/bash-bashubuntu 354300x80000000000000001751392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.601{ec2ab09f-16f7-620a-08ee-c4f8e9550000}2030/usr/bin/sudoubuntuudptruefalse127.0.0.1-37383-false127.0.0.53-53- 354300x80000000000000001751393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.602{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-54679-false10.0.0.2-53- 354300x80000000000000001751394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.602{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-50734-false10.0.0.2-53- 354300x80000000000000001751395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.624{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-37383- 354300x80000000000000001751396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.624{ec2ab09f-16f7-620a-08ee-c4f8e9550000}2030/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-37383- 354300x80000000000000001751397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.627{ec2ab09f-16f7-620a-08ee-c4f8e9550000}2030/usr/bin/sudoubuntuudptruefalse127.0.0.1-41765-false127.0.0.53-53- 354300x80000000000000001751398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.627{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-41765- 11241100x80000000000000001751399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.628{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489/lib/systemd/systemd-udevd/run/udev/queue2022-02-14 08:46:47.628root 23542300x80000000000000001751400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.630{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000001751401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.630{ec2ab09f-16f7-620a-0000-000000000000}2031-root 154100x80000000000000001751402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.631{ec2ab09f-16f7-620a-8032-1722c0550000}2032/bin/nano-----nano net_dis.sh/home/ubunturoot{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-16f7-620a-08ee-c4f8e9550000}2030/usr/bin/sudosudoubuntu 11241100x80000000000000001751403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.699{ec2ab09f-16f7-620a-8032-1722c0550000}2032/bin/nano/home/ubuntu/.net_dis.sh.swp2022-02-14 08:46:47.699root 11241100x80000000000000001751404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b938538c00a71e1e2022-02-14 08:46:47.699root 11241100x80000000000000001751405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0817d51f24703b092022-02-14 08:46:47.699root 11241100x80000000000000001751406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d7af1471e79dec2022-02-14 08:46:47.700root 11241100x80000000000000001751407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4724ec5a0faaced82022-02-14 08:46:47.700root 11241100x80000000000000001751408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7aaab0052683732022-02-14 08:46:47.700root 11241100x80000000000000001751409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254b87d822bc65d42022-02-14 08:46:47.700root 11241100x80000000000000001751410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5155df82afb4ccb02022-02-14 08:46:47.700root 11241100x80000000000000001751411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f909691534a5664c2022-02-14 08:46:47.700root 11241100x80000000000000001751412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cc7f27843786e82022-02-14 08:46:47.700root 11241100x80000000000000001751413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03c35560763c5482022-02-14 08:46:47.700root 11241100x80000000000000001751414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db9ffebaf40a2952022-02-14 08:46:47.700root 11241100x80000000000000001751415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631e0f9e8a602ee32022-02-14 08:46:47.700root 11241100x80000000000000001751416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d028af3eafbb7f2022-02-14 08:46:47.700root 11241100x80000000000000001751417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d879454fd6bb5012022-02-14 08:46:47.700root 11241100x80000000000000001751418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d2685adae3da4e2022-02-14 08:46:47.701root 11241100x80000000000000001751419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dabd14a38dc47e2022-02-14 08:46:47.701root 11241100x80000000000000001751420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6938d78c25cc6c522022-02-14 08:46:47.701root 11241100x80000000000000001751421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397a5a796c9f02772022-02-14 08:46:47.701root 11241100x80000000000000001751422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44787aceb2605d162022-02-14 08:46:47.701root 11241100x80000000000000001751423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4aecb39a49adfc22022-02-14 08:46:47.701root 11241100x80000000000000001751424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546c804fa92e44912022-02-14 08:46:47.701root 11241100x80000000000000001751425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985943c54a3ead982022-02-14 08:46:47.701root 11241100x80000000000000001751426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8e0b4aacd0050e2022-02-14 08:46:47.701root 11241100x80000000000000001751427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3d8516a63e9c4b2022-02-14 08:46:47.701root 11241100x80000000000000001751428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba86317241d51e3e2022-02-14 08:46:47.701root 11241100x80000000000000001751429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e604fac0e5f4e282022-02-14 08:46:47.702root 11241100x80000000000000001751430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b510069f9cbcbe2022-02-14 08:46:47.702root 11241100x80000000000000001751431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcf1f203974f6242022-02-14 08:46:47.702root 11241100x80000000000000001751432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc7cb0799a7197f2022-02-14 08:46:47.702root 11241100x80000000000000001751433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb8c852751fe8d22022-02-14 08:46:47.702root 11241100x80000000000000001751434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd6e95b253b8cfd2022-02-14 08:46:47.702root 11241100x80000000000000001751435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99e0c1984946e762022-02-14 08:46:47.702root 11241100x80000000000000001751436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241d49dd234f5afa2022-02-14 08:46:47.702root 11241100x80000000000000001751437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7765373cbe182f2022-02-14 08:46:47.702root 11241100x80000000000000001751438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c458877fbca61c2022-02-14 08:46:47.702root 11241100x80000000000000001751439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79708bb6b16bf1272022-02-14 08:46:47.703root 11241100x80000000000000001751440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7f86728ca049ac2022-02-14 08:46:47.703root 11241100x80000000000000001751441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65892fa0764237e92022-02-14 08:46:47.703root 11241100x80000000000000001751442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777713d8f846cdc32022-02-14 08:46:47.703root 11241100x80000000000000001751443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e58c4bfa118bb82022-02-14 08:46:47.703root 11241100x80000000000000001751444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81784960a8f96da42022-02-14 08:46:47.703root 11241100x80000000000000001751445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50e4946370572682022-02-14 08:46:47.703root 11241100x80000000000000001751446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07a06fb639676fd2022-02-14 08:46:47.703root 11241100x80000000000000001751447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befbd400ee100f392022-02-14 08:46:47.703root 11241100x80000000000000001751448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722dfc335d37bf252022-02-14 08:46:47.703root 11241100x80000000000000001751449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264d13d59eacaf282022-02-14 08:46:47.704root 11241100x80000000000000001751450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384213b655db10052022-02-14 08:46:47.704root 11241100x80000000000000001751451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0521fdc110b7e52022-02-14 08:46:47.704root 11241100x80000000000000001751452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93031f2b9d11fe1a2022-02-14 08:46:47.704root 11241100x80000000000000001751453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf12be82acac5532022-02-14 08:46:47.704root 11241100x80000000000000001751454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89446e730f024f442022-02-14 08:46:47.704root 11241100x80000000000000001751455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbc94f5f22324762022-02-14 08:46:47.704root 11241100x80000000000000001751456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5a4d0cbad1a7c72022-02-14 08:46:47.704root 11241100x80000000000000001751457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067222bf487463252022-02-14 08:46:47.704root 11241100x80000000000000001751458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db3cd12f38213522022-02-14 08:46:47.704root 11241100x80000000000000001751459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4db755974a9f7da2022-02-14 08:46:47.704root 11241100x80000000000000001751460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b07dc303431970e2022-02-14 08:46:47.705root 11241100x80000000000000001751461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ec5ef8d50db5652022-02-14 08:46:47.705root 11241100x80000000000000001751462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f370ebc4506300d22022-02-14 08:46:47.705root 11241100x80000000000000001751463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3220eaeaa00c662022-02-14 08:46:47.705root 11241100x80000000000000001751464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260fe2b6b24142ca2022-02-14 08:46:47.705root 11241100x80000000000000001751465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0411c8b2a4a6eb432022-02-14 08:46:47.705root 11241100x80000000000000001751466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e92d59db527065b2022-02-14 08:46:47.705root 11241100x80000000000000001751467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ca9da662222de42022-02-14 08:46:47.705root 11241100x80000000000000001751468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ae6f5a763c39322022-02-14 08:46:47.705root 11241100x80000000000000001751469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab694c31cbc9a7d2022-02-14 08:46:47.705root 11241100x80000000000000001751470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3264a49ffa64f782022-02-14 08:46:47.706root 11241100x80000000000000001751471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede58405a5c34e212022-02-14 08:46:47.706root 11241100x80000000000000001751472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39c4dcf8858f2882022-02-14 08:46:47.706root 11241100x80000000000000001751473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a945dccfb436799d2022-02-14 08:46:47.706root 11241100x80000000000000001751474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48af05938488422a2022-02-14 08:46:47.706root 11241100x80000000000000001751475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab774c0a45455eb2022-02-14 08:46:47.706root 11241100x80000000000000001751476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2b1f8d871cdf142022-02-14 08:46:47.706root 11241100x80000000000000001751477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0268a89e729c0502022-02-14 08:46:47.706root 11241100x80000000000000001751478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.707{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368c3735ca9317202022-02-14 08:46:47.707root 11241100x80000000000000001751479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.707{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bbc137d2e426442022-02-14 08:46:47.707root 11241100x80000000000000001751480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2832359b04af90a02022-02-14 08:46:47.708root 11241100x80000000000000001751481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90a8ffe724bb8ea2022-02-14 08:46:47.708root 11241100x80000000000000001751482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:47.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e13fa545d74bc652022-02-14 08:46:47.708root 11241100x80000000000000001751483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db221de08336636a2022-02-14 08:46:48.180root 11241100x80000000000000001751484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cea217950e373152022-02-14 08:46:48.180root 11241100x80000000000000001751485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98c9301de7b96c62022-02-14 08:46:48.180root 11241100x80000000000000001751486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c9665428a0c1232022-02-14 08:46:48.180root 11241100x80000000000000001751487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2a0fe1df36f6a12022-02-14 08:46:48.180root 11241100x80000000000000001751488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0cb3f61d1bed502022-02-14 08:46:48.180root 11241100x80000000000000001751489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8878d090b55ddb2022-02-14 08:46:48.180root 11241100x80000000000000001751490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b096297f8571bb2022-02-14 08:46:48.180root 11241100x80000000000000001751491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3734640708d84b122022-02-14 08:46:48.181root 11241100x80000000000000001751492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8ce652fd67a55d2022-02-14 08:46:48.181root 11241100x80000000000000001751493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5037599a0d97ca12022-02-14 08:46:48.181root 11241100x80000000000000001751494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e952db4ed02400ac2022-02-14 08:46:48.181root 11241100x80000000000000001751495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003ed5d848eae5dd2022-02-14 08:46:48.181root 11241100x80000000000000001751496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181539135aec9be12022-02-14 08:46:48.181root 11241100x80000000000000001751497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa11155f85524622022-02-14 08:46:48.181root 11241100x80000000000000001751498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e776c10bc32d87b2022-02-14 08:46:48.181root 11241100x80000000000000001751499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582936729181fae22022-02-14 08:46:48.181root 11241100x80000000000000001751500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bd1b25ed07e74e2022-02-14 08:46:48.182root 11241100x80000000000000001751501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdd2db90acab8752022-02-14 08:46:48.182root 11241100x80000000000000001751502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11a50405bdbf54c2022-02-14 08:46:48.182root 11241100x80000000000000001751503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1229c43c1fe84b492022-02-14 08:46:48.182root 11241100x80000000000000001751504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1788165856caf7b62022-02-14 08:46:48.182root 11241100x80000000000000001751505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7eec96d172028ca2022-02-14 08:46:48.182root 11241100x80000000000000001751506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dabc60b5b47adf2022-02-14 08:46:48.182root 11241100x80000000000000001751507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46c722dc7731cc62022-02-14 08:46:48.182root 11241100x80000000000000001751508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7beccb6a5164b5b72022-02-14 08:46:48.182root 11241100x80000000000000001751509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43efd704f93519e92022-02-14 08:46:48.183root 11241100x80000000000000001751510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b9a8dbff597a972022-02-14 08:46:48.183root 11241100x80000000000000001751511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119733ea3033c7a52022-02-14 08:46:48.183root 11241100x80000000000000001751512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab747318e7d6d1b42022-02-14 08:46:48.183root 11241100x80000000000000001751513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d23e4352cd43692022-02-14 08:46:48.183root 11241100x80000000000000001751514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e72dd6b5c17b5a2022-02-14 08:46:48.183root 11241100x80000000000000001751515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5943147833679ae72022-02-14 08:46:48.183root 11241100x80000000000000001751516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5394f146f51edd662022-02-14 08:46:48.183root 11241100x80000000000000001751517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b941d49e09005da82022-02-14 08:46:48.183root 11241100x80000000000000001751518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1711d8f08c0385cc2022-02-14 08:46:48.184root 11241100x80000000000000001751519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423cdddefb6ba64f2022-02-14 08:46:48.184root 11241100x80000000000000001751520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf131f3c2f42d262022-02-14 08:46:48.184root 11241100x80000000000000001751521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f210d7abd2bfec82022-02-14 08:46:48.184root 11241100x80000000000000001751522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897dbc507f1c6bf52022-02-14 08:46:48.185root 11241100x80000000000000001751523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a411eccad7de42ec2022-02-14 08:46:48.185root 11241100x80000000000000001751524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5400b407bdd946f2022-02-14 08:46:48.185root 11241100x80000000000000001751525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a668cc53463e70c92022-02-14 08:46:48.185root 11241100x80000000000000001751526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e37416ee8781f342022-02-14 08:46:48.185root 11241100x80000000000000001751527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a87609eea73fb62022-02-14 08:46:48.185root 11241100x80000000000000001751528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6af99c052e7c1e52022-02-14 08:46:48.185root 11241100x80000000000000001751529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28855e84cd48bbee2022-02-14 08:46:48.185root 11241100x80000000000000001751530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127434c01a74f0342022-02-14 08:46:48.186root 11241100x80000000000000001751531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd025703727d9982022-02-14 08:46:48.186root 11241100x80000000000000001751532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b21c23f3684bf72022-02-14 08:46:48.186root 11241100x80000000000000001751533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098e70504b45a85a2022-02-14 08:46:48.186root 11241100x80000000000000001751534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb03b90f3c97b522022-02-14 08:46:48.186root 11241100x80000000000000001751535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f68d13953e5f4132022-02-14 08:46:48.186root 11241100x80000000000000001751536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8de181c2fc4fb92022-02-14 08:46:48.186root 11241100x80000000000000001751537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908b1f1c9a7807f32022-02-14 08:46:48.186root 11241100x80000000000000001751538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c0a8bfe512827f2022-02-14 08:46:48.186root 11241100x80000000000000001751539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9913119e76448b732022-02-14 08:46:48.186root 11241100x80000000000000001751540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2610052457f7e22022-02-14 08:46:48.186root 11241100x80000000000000001751541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2420d2dc6534b252022-02-14 08:46:48.186root 11241100x80000000000000001751542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da865d910f3265c2022-02-14 08:46:48.186root 11241100x80000000000000001751543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40cbab8fbec9cf72022-02-14 08:46:48.186root 11241100x80000000000000001751544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0aef862eef1ce482022-02-14 08:46:48.187root 11241100x80000000000000001751545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d361a062437e2462022-02-14 08:46:48.187root 11241100x80000000000000001751546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16eb38531c0683282022-02-14 08:46:48.187root 11241100x80000000000000001751547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984435e53459aa0f2022-02-14 08:46:48.680root 11241100x80000000000000001751548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27f831a2a7882c82022-02-14 08:46:48.681root 11241100x80000000000000001751549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c8366421c5e0dc2022-02-14 08:46:48.681root 11241100x80000000000000001751550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add3657579bbf32c2022-02-14 08:46:48.682root 11241100x80000000000000001751551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724bff4b1dad95ef2022-02-14 08:46:48.682root 11241100x80000000000000001751552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e680c78657f3762022-02-14 08:46:48.682root 11241100x80000000000000001751553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db3fe5cafefccbc2022-02-14 08:46:48.682root 11241100x80000000000000001751554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbdd7d471642b472022-02-14 08:46:48.682root 11241100x80000000000000001751555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756d02fe7534409d2022-02-14 08:46:48.682root 11241100x80000000000000001751556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88378e4c9acd15ce2022-02-14 08:46:48.682root 11241100x80000000000000001751557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54245999c287c5062022-02-14 08:46:48.682root 11241100x80000000000000001751558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab06b9d96e3fff8b2022-02-14 08:46:48.682root 11241100x80000000000000001751559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fd46fb00ca3db32022-02-14 08:46:48.683root 11241100x80000000000000001751560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f024b2472033e9d92022-02-14 08:46:48.683root 11241100x80000000000000001751561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c25a0943e6384502022-02-14 08:46:48.683root 11241100x80000000000000001751562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230f60f79c4e3c8a2022-02-14 08:46:48.683root 11241100x80000000000000001751563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be91c75953d3330a2022-02-14 08:46:48.683root 11241100x80000000000000001751564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53061351721ad602022-02-14 08:46:48.683root 11241100x80000000000000001751565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e194438b81a502b82022-02-14 08:46:48.684root 11241100x80000000000000001751566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a72c5a7ba5d86542022-02-14 08:46:48.684root 11241100x80000000000000001751567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c69a163a03edc9f2022-02-14 08:46:48.684root 11241100x80000000000000001751568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bafedf221efa2d2022-02-14 08:46:48.684root 11241100x80000000000000001751569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fab824e907b8622022-02-14 08:46:48.684root 11241100x80000000000000001751570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fb708f36ea0ae82022-02-14 08:46:48.684root 11241100x80000000000000001751571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c626bb0fef2eb262022-02-14 08:46:48.684root 11241100x80000000000000001751572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ef5e5dc2d4fccb2022-02-14 08:46:48.684root 11241100x80000000000000001751573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd587cfccef60352022-02-14 08:46:48.684root 11241100x80000000000000001751574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d017ae2067034262022-02-14 08:46:48.684root 11241100x80000000000000001751575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc813d8e2eee2602022-02-14 08:46:48.685root 11241100x80000000000000001751576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56f0792256e401f2022-02-14 08:46:48.685root 11241100x80000000000000001751577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c81525ef32cf4c2022-02-14 08:46:48.685root 11241100x80000000000000001751578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051bd302e61afc5b2022-02-14 08:46:48.685root 11241100x80000000000000001751579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0f7ccc816bc5f42022-02-14 08:46:48.685root 11241100x80000000000000001751580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22143b84514dc0df2022-02-14 08:46:48.685root 11241100x80000000000000001751581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400ecb24d1fb15422022-02-14 08:46:48.685root 11241100x80000000000000001751582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8077942b94b842d2022-02-14 08:46:48.685root 11241100x80000000000000001751583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01461d61dbbfcc672022-02-14 08:46:48.686root 11241100x80000000000000001751584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0aa2282691cf01e2022-02-14 08:46:48.686root 11241100x80000000000000001751585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d573f74bf267c4f2022-02-14 08:46:48.686root 11241100x80000000000000001751586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd59d0a287b6a082022-02-14 08:46:48.686root 11241100x80000000000000001751587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fb19df24b7c7ae2022-02-14 08:46:48.690root 11241100x80000000000000001751588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05cdf646f8386582022-02-14 08:46:48.690root 11241100x80000000000000001751589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fecdae80bc7c6882022-02-14 08:46:48.690root 11241100x80000000000000001751590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d458f6d995cb712022-02-14 08:46:48.691root 11241100x80000000000000001751591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:48.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ff9827d584a7232022-02-14 08:46:48.691root 11241100x80000000000000001751592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef703efa3cc5d902022-02-14 08:46:49.180root 11241100x80000000000000001751593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b10356b0eda153e2022-02-14 08:46:49.180root 11241100x80000000000000001751594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fbc646393ac46e2022-02-14 08:46:49.181root 11241100x80000000000000001751595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7b5c3f600aead52022-02-14 08:46:49.181root 11241100x80000000000000001751596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0b006258998e6e2022-02-14 08:46:49.181root 11241100x80000000000000001751597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a18ff2a44a21fa2022-02-14 08:46:49.181root 11241100x80000000000000001751598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8213270e33aa6cd2022-02-14 08:46:49.181root 11241100x80000000000000001751599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b26ad81900b270f2022-02-14 08:46:49.181root 11241100x80000000000000001751600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3f7778b032c7072022-02-14 08:46:49.181root 11241100x80000000000000001751601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c0d1d3cb4e547e2022-02-14 08:46:49.181root 11241100x80000000000000001751602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585f373b71a4b6e22022-02-14 08:46:49.181root 11241100x80000000000000001751603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3858e03951e7cad2022-02-14 08:46:49.182root 11241100x80000000000000001751604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014d6f4a39a069472022-02-14 08:46:49.182root 11241100x80000000000000001751605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27816b695a4216872022-02-14 08:46:49.182root 11241100x80000000000000001751606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f978f4e7713d3ddd2022-02-14 08:46:49.182root 11241100x80000000000000001751607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fdc553efb667ff2022-02-14 08:46:49.182root 11241100x80000000000000001751608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621f6c55f97f3b5f2022-02-14 08:46:49.182root 11241100x80000000000000001751609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8cb43a3f5ce1a82022-02-14 08:46:49.182root 11241100x80000000000000001751610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea124c6d41bbbe32022-02-14 08:46:49.182root 11241100x80000000000000001751611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbf6046aac827352022-02-14 08:46:49.183root 11241100x80000000000000001751612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e21d287c9eaafbd2022-02-14 08:46:49.183root 11241100x80000000000000001751613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d492c7dc3c1db84c2022-02-14 08:46:49.183root 11241100x80000000000000001751614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38013d80fe5536f92022-02-14 08:46:49.183root 11241100x80000000000000001751615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e75e2a8688d5d302022-02-14 08:46:49.183root 11241100x80000000000000001751616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2228c149b365b682022-02-14 08:46:49.183root 11241100x80000000000000001751617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4086cd37d9441e872022-02-14 08:46:49.184root 11241100x80000000000000001751618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34e4841bf4486232022-02-14 08:46:49.184root 11241100x80000000000000001751619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc18d99b45070df2022-02-14 08:46:49.184root 11241100x80000000000000001751620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370a718bfd4af5eb2022-02-14 08:46:49.184root 11241100x80000000000000001751621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c8ba3e4b176e772022-02-14 08:46:49.184root 11241100x80000000000000001751622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78479bd2db71dc1e2022-02-14 08:46:49.184root 11241100x80000000000000001751623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed01f327f5b44902022-02-14 08:46:49.184root 11241100x80000000000000001751624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2318788e44c537d12022-02-14 08:46:49.185root 11241100x80000000000000001751625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb4cc25c9b9b7192022-02-14 08:46:49.185root 11241100x80000000000000001751626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d85d55345667e22022-02-14 08:46:49.185root 11241100x80000000000000001751627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfca30ad515585c92022-02-14 08:46:49.185root 11241100x80000000000000001751628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b428131cbcc23152022-02-14 08:46:49.185root 11241100x80000000000000001751629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa877af848c3ead2022-02-14 08:46:49.185root 11241100x80000000000000001751630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c57f2e52b086a22022-02-14 08:46:49.185root 11241100x80000000000000001751631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88bec98b32dbce12022-02-14 08:46:49.185root 11241100x80000000000000001751632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9540f9f5cb0e30482022-02-14 08:46:49.186root 11241100x80000000000000001751633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ab2e4c62bcf24b2022-02-14 08:46:49.186root 11241100x80000000000000001751634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6b218741cbb0be2022-02-14 08:46:49.186root 11241100x80000000000000001751635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ebe1dd1ab739612022-02-14 08:46:49.186root 11241100x80000000000000001751636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0376bf21ca9f8e2022-02-14 08:46:49.186root 11241100x80000000000000001751637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4525b0e17454a82022-02-14 08:46:49.186root 11241100x80000000000000001751638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b5f19c541c55f72022-02-14 08:46:49.186root 11241100x80000000000000001751639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b316ee8b201505b2022-02-14 08:46:49.186root 11241100x80000000000000001751640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c4e42a9a60d6ab2022-02-14 08:46:49.186root 11241100x80000000000000001751641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89399dd79a669f82022-02-14 08:46:49.187root 11241100x80000000000000001751642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2950c3fc00e863bf2022-02-14 08:46:49.187root 11241100x80000000000000001751643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7e2d13d2d152f42022-02-14 08:46:49.187root 11241100x80000000000000001751644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99293dae77c0bf872022-02-14 08:46:49.187root 11241100x80000000000000001751645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de27954b26f9a812022-02-14 08:46:49.188root 11241100x80000000000000001751646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10aa1d8e838c4dc2022-02-14 08:46:49.188root 11241100x80000000000000001751647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdb86318064699a2022-02-14 08:46:49.680root 11241100x80000000000000001751648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290b6f14d465ff652022-02-14 08:46:49.681root 11241100x80000000000000001751649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3764ebc01064e52022-02-14 08:46:49.681root 11241100x80000000000000001751650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2c8df2823489a52022-02-14 08:46:49.681root 11241100x80000000000000001751651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3ecce83eb4ba792022-02-14 08:46:49.682root 11241100x80000000000000001751652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ec29fbd852694e2022-02-14 08:46:49.682root 11241100x80000000000000001751653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf2b79c5e31210f2022-02-14 08:46:49.682root 11241100x80000000000000001751654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ea9cae396288f72022-02-14 08:46:49.682root 11241100x80000000000000001751655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859ec23ac00b70372022-02-14 08:46:49.682root 11241100x80000000000000001751656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e010e3aefc1eddbc2022-02-14 08:46:49.682root 11241100x80000000000000001751657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af9d11834a151052022-02-14 08:46:49.682root 11241100x80000000000000001751658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2002898e2ffe9f262022-02-14 08:46:49.682root 11241100x80000000000000001751659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebe8597574c1f462022-02-14 08:46:49.682root 11241100x80000000000000001751660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97988171e561eb6a2022-02-14 08:46:49.683root 11241100x80000000000000001751661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f212bbb1ea068632022-02-14 08:46:49.683root 11241100x80000000000000001751662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b563ba123de5b142022-02-14 08:46:49.683root 11241100x80000000000000001751663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bafe5179ef4b3e2022-02-14 08:46:49.683root 11241100x80000000000000001751664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3f637db2eccd782022-02-14 08:46:49.683root 11241100x80000000000000001751665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952de0aa55ccae712022-02-14 08:46:49.683root 11241100x80000000000000001751666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42c05e3bb2b6ab62022-02-14 08:46:49.683root 11241100x80000000000000001751667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbc72d9fab8572d2022-02-14 08:46:49.683root 11241100x80000000000000001751668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac75a27d172c561a2022-02-14 08:46:49.683root 11241100x80000000000000001751669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92ffb0da64450fc2022-02-14 08:46:49.684root 11241100x80000000000000001751670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b4e00d6e738c1a2022-02-14 08:46:49.684root 11241100x80000000000000001751671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36835409eab455a2022-02-14 08:46:49.684root 11241100x80000000000000001751672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160cfc13a7fb30112022-02-14 08:46:49.684root 11241100x80000000000000001751673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e858bb78e0a2da232022-02-14 08:46:49.684root 11241100x80000000000000001751674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec666bd4315905202022-02-14 08:46:49.684root 11241100x80000000000000001751675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9e0b30ac84d54d2022-02-14 08:46:49.685root 11241100x80000000000000001751676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab735d87ea9fdaf2022-02-14 08:46:49.685root 11241100x80000000000000001751677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572d61feb8e3eb572022-02-14 08:46:49.685root 11241100x80000000000000001751678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9027144688bd10e32022-02-14 08:46:49.685root 11241100x80000000000000001751679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d14b313a826d642022-02-14 08:46:49.685root 11241100x80000000000000001751680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d064a29cb40b89da2022-02-14 08:46:49.685root 11241100x80000000000000001751681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbd7e0b36b143cc2022-02-14 08:46:49.685root 11241100x80000000000000001751682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a4ee3cf950ef9f2022-02-14 08:46:49.686root 11241100x80000000000000001751683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8137e4048475a55c2022-02-14 08:46:49.686root 11241100x80000000000000001751684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f1c805feaa47242022-02-14 08:46:49.687root 11241100x80000000000000001751685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a35355cbaa3cce62022-02-14 08:46:49.687root 11241100x80000000000000001751686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a3b4e5a021cfc42022-02-14 08:46:49.688root 11241100x80000000000000001751687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d3b49cecbd60df2022-02-14 08:46:49.688root 11241100x80000000000000001751688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e310ded71462b83a2022-02-14 08:46:49.688root 11241100x80000000000000001751689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6d43c482bcba452022-02-14 08:46:49.688root 11241100x80000000000000001751690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0b03dda4acde952022-02-14 08:46:49.688root 11241100x80000000000000001751691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eefafaa868372652022-02-14 08:46:49.688root 11241100x80000000000000001751692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:49.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c6813d3234cc692022-02-14 08:46:49.688root 11241100x80000000000000001751693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bef98e84c94fbe2022-02-14 08:46:50.180root 11241100x80000000000000001751694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90e82d49fc5198b2022-02-14 08:46:50.180root 11241100x80000000000000001751695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1fcbbe99ed0b062022-02-14 08:46:50.180root 11241100x80000000000000001751696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9105e21f9e74febf2022-02-14 08:46:50.180root 11241100x80000000000000001751697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107fba007c8d80992022-02-14 08:46:50.180root 11241100x80000000000000001751698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68872dc18e3b771c2022-02-14 08:46:50.180root 11241100x80000000000000001751699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658431ebc66c1f542022-02-14 08:46:50.181root 11241100x80000000000000001751700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ed8cf4e15fcc582022-02-14 08:46:50.181root 11241100x80000000000000001751701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34fcdc67f5e69062022-02-14 08:46:50.181root 11241100x80000000000000001751702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e6f837f2ee11542022-02-14 08:46:50.181root 11241100x80000000000000001751703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4895bfb6225f5bf2022-02-14 08:46:50.182root 11241100x80000000000000001751704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281f72d70f1db5b32022-02-14 08:46:50.182root 11241100x80000000000000001751705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897783a34779cefd2022-02-14 08:46:50.182root 11241100x80000000000000001751706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0509324b412b80722022-02-14 08:46:50.182root 11241100x80000000000000001751707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97027d4f82298402022-02-14 08:46:50.182root 11241100x80000000000000001751708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14178583bfbc6f22022-02-14 08:46:50.182root 11241100x80000000000000001751709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08d98337744775c2022-02-14 08:46:50.182root 11241100x80000000000000001751710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e13cdff13d4a67f2022-02-14 08:46:50.182root 11241100x80000000000000001751711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fe35bc79906c4b2022-02-14 08:46:50.183root 11241100x80000000000000001751712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8670a62c9ab05de12022-02-14 08:46:50.183root 11241100x80000000000000001751713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3005ffc72ecfa6cb2022-02-14 08:46:50.183root 11241100x80000000000000001751714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df4057f1de0c4bc2022-02-14 08:46:50.183root 11241100x80000000000000001751715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbffafdc11e26fd2022-02-14 08:46:50.183root 11241100x80000000000000001751716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2626fe6e6a9314562022-02-14 08:46:50.184root 11241100x80000000000000001751717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecf7aeaf80f63df2022-02-14 08:46:50.184root 11241100x80000000000000001751718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43182a71ae86b4eb2022-02-14 08:46:50.184root 11241100x80000000000000001751719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed472264e41f53bb2022-02-14 08:46:50.184root 11241100x80000000000000001751720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c2bd5a622982ea2022-02-14 08:46:50.184root 11241100x80000000000000001751721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c502caa90386e82022-02-14 08:46:50.185root 11241100x80000000000000001751722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5641c88d1c62ef2022-02-14 08:46:50.185root 11241100x80000000000000001751723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab09c040b5a33d42022-02-14 08:46:50.185root 11241100x80000000000000001751724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5561cfccbf611bbb2022-02-14 08:46:50.185root 11241100x80000000000000001751725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af68800cac9ea9352022-02-14 08:46:50.185root 11241100x80000000000000001751726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cad5f1f799798b62022-02-14 08:46:50.185root 11241100x80000000000000001751727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a12c299047705a2022-02-14 08:46:50.185root 11241100x80000000000000001751728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb8156601678a562022-02-14 08:46:50.185root 11241100x80000000000000001751729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89052ba0b638b9b92022-02-14 08:46:50.186root 11241100x80000000000000001751730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7168d87d40154092022-02-14 08:46:50.186root 11241100x80000000000000001751731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975f24ab9e8f67a72022-02-14 08:46:50.186root 11241100x80000000000000001751732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b872bb58fce1762022-02-14 08:46:50.186root 11241100x80000000000000001751733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4a3030d18689952022-02-14 08:46:50.186root 11241100x80000000000000001751734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87cfa6ccf9386a12022-02-14 08:46:50.186root 11241100x80000000000000001751735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2be14b585182262022-02-14 08:46:50.186root 11241100x80000000000000001751736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed20cc886b14d812022-02-14 08:46:50.187root 11241100x80000000000000001751737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292bea54b52b3bb32022-02-14 08:46:50.187root 11241100x80000000000000001751738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2152a86a2600a6ee2022-02-14 08:46:50.187root 11241100x80000000000000001751739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5470aac4f5d512072022-02-14 08:46:50.187root 11241100x80000000000000001751740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e67b11d5cbd9b02022-02-14 08:46:50.187root 11241100x80000000000000001751741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e028c1d6ec2e282022-02-14 08:46:50.187root 11241100x80000000000000001751742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ae97c20e9655882022-02-14 08:46:50.187root 11241100x80000000000000001751743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c495bc91af826032022-02-14 08:46:50.189root 11241100x80000000000000001751744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de01b2dd6b2194262022-02-14 08:46:50.189root 11241100x80000000000000001751745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2680c838f60627c82022-02-14 08:46:50.189root 11241100x80000000000000001751746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26713082d4c81292022-02-14 08:46:50.189root 11241100x80000000000000001751747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3986105dde5d4bfa2022-02-14 08:46:50.680root 11241100x80000000000000001751748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a45c0f2fc8ac4b2022-02-14 08:46:50.680root 11241100x80000000000000001751749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be13fdb49e2d69e72022-02-14 08:46:50.680root 11241100x80000000000000001751750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ddc75663324f492022-02-14 08:46:50.680root 11241100x80000000000000001751751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336f15e0c46d0dab2022-02-14 08:46:50.680root 11241100x80000000000000001751752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320ad0bd27338b602022-02-14 08:46:50.680root 11241100x80000000000000001751753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e30c29d5ec67392022-02-14 08:46:50.680root 11241100x80000000000000001751754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8952e22c5ff46dbc2022-02-14 08:46:50.680root 11241100x80000000000000001751755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a837f380bc9aed72022-02-14 08:46:50.681root 11241100x80000000000000001751756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256c676188d28d112022-02-14 08:46:50.681root 11241100x80000000000000001751757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a974b6af70faae2022-02-14 08:46:50.681root 11241100x80000000000000001751758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a2f4f2efb4a4142022-02-14 08:46:50.681root 11241100x80000000000000001751759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02d6d3dddc65e112022-02-14 08:46:50.682root 11241100x80000000000000001751760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996884629ac143ca2022-02-14 08:46:50.682root 11241100x80000000000000001751761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecb483f15af387f2022-02-14 08:46:50.682root 11241100x80000000000000001751762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e06b15ffe8ca612022-02-14 08:46:50.682root 11241100x80000000000000001751763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df20069c2da43392022-02-14 08:46:50.682root 11241100x80000000000000001751764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86de81837c4724c42022-02-14 08:46:50.682root 11241100x80000000000000001751765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fe60bf0f8666312022-02-14 08:46:50.682root 11241100x80000000000000001751766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b405410dd2c8d92022-02-14 08:46:50.683root 11241100x80000000000000001751767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fb3f962d028ad82022-02-14 08:46:50.683root 11241100x80000000000000001751768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb5251fd8aae6352022-02-14 08:46:50.683root 11241100x80000000000000001751769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5b15da8786d61c2022-02-14 08:46:50.683root 11241100x80000000000000001751770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ee2d09a998aa872022-02-14 08:46:50.683root 11241100x80000000000000001751771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14937a2a699707c82022-02-14 08:46:50.683root 11241100x80000000000000001751772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a044eccf2966ed9d2022-02-14 08:46:50.683root 11241100x80000000000000001751773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdde92fc7aafa0f2022-02-14 08:46:50.683root 11241100x80000000000000001751774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8530ae92b48da39f2022-02-14 08:46:50.683root 11241100x80000000000000001751775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5cae565602de192022-02-14 08:46:50.683root 11241100x80000000000000001751776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a51420184f506732022-02-14 08:46:50.683root 11241100x80000000000000001751777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a03f157d2da2ef2022-02-14 08:46:50.684root 11241100x80000000000000001751778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4162e0a46650db752022-02-14 08:46:50.684root 11241100x80000000000000001751779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2977651e3e20d3ca2022-02-14 08:46:50.684root 11241100x80000000000000001751780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6913d70207cb94912022-02-14 08:46:50.684root 11241100x80000000000000001751781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b562999ca152ec652022-02-14 08:46:50.684root 11241100x80000000000000001751782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6824b513cbe66c2022-02-14 08:46:50.684root 11241100x80000000000000001751783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e4aa6a9513be4d2022-02-14 08:46:50.684root 11241100x80000000000000001751784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126755aa337e8b752022-02-14 08:46:50.684root 11241100x80000000000000001751785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89328d2b42918412022-02-14 08:46:50.684root 11241100x80000000000000001751786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fb01fa2d77e2762022-02-14 08:46:50.684root 11241100x80000000000000001751787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6212ced71041440a2022-02-14 08:46:50.685root 11241100x80000000000000001751788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b62cd850bdc2f52022-02-14 08:46:50.685root 11241100x80000000000000001751789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fab979ac543c3262022-02-14 08:46:50.685root 11241100x80000000000000001751790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411dc3dcd214436c2022-02-14 08:46:50.685root 11241100x80000000000000001751791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f494e25416f13e992022-02-14 08:46:50.685root 11241100x80000000000000001751792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bf43fb9d3a081d2022-02-14 08:46:50.685root 11241100x80000000000000001751793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d172cbe81732c5e62022-02-14 08:46:50.685root 11241100x80000000000000001751794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd020e90b6a348c2022-02-14 08:46:50.685root 11241100x80000000000000001751795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cd529d2bd2b0ff2022-02-14 08:46:50.685root 11241100x80000000000000001751796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf33b398ac691c92022-02-14 08:46:50.685root 11241100x80000000000000001751797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12c4db21d2f31a72022-02-14 08:46:50.686root 11241100x80000000000000001751798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea451657fbb8b5c02022-02-14 08:46:50.686root 11241100x80000000000000001751799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2341d440d418f92022-02-14 08:46:50.686root 11241100x80000000000000001751800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb0b50bf673fb752022-02-14 08:46:50.686root 11241100x80000000000000001751801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df5d292355de6522022-02-14 08:46:50.686root 11241100x80000000000000001751802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:50.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1a7e4aafd313622022-02-14 08:46:50.686root 11241100x80000000000000001751803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8cc4fb2d89f0542022-02-14 08:46:51.180root 11241100x80000000000000001751804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbeea538072958602022-02-14 08:46:51.181root 11241100x80000000000000001751805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4803fecec6f048262022-02-14 08:46:51.181root 11241100x80000000000000001751806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b82c4895b788162022-02-14 08:46:51.181root 11241100x80000000000000001751807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eaae008dec8e1f22022-02-14 08:46:51.181root 11241100x80000000000000001751808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf324804bf2d14862022-02-14 08:46:51.182root 11241100x80000000000000001751809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc8fb2db19295b42022-02-14 08:46:51.182root 11241100x80000000000000001751810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9e3bcaa94f7b502022-02-14 08:46:51.182root 11241100x80000000000000001751811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502d0ddd2f0fe7512022-02-14 08:46:51.188root 11241100x80000000000000001751812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5804768a36372b0b2022-02-14 08:46:51.188root 11241100x80000000000000001751813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbfa1eb8645355b2022-02-14 08:46:51.188root 11241100x80000000000000001751814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b69ed35e50897722022-02-14 08:46:51.188root 11241100x80000000000000001751815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e895cedb86870082022-02-14 08:46:51.188root 11241100x80000000000000001751816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d2a36d1d6549462022-02-14 08:46:51.188root 11241100x80000000000000001751817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc58e288db7a9df2022-02-14 08:46:51.188root 11241100x80000000000000001751818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec269506b3670a22022-02-14 08:46:51.188root 11241100x80000000000000001751819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bf5d47c4b59e7f2022-02-14 08:46:51.189root 11241100x80000000000000001751820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d95bc3ef25a14ee2022-02-14 08:46:51.189root 11241100x80000000000000001751821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da17e1cfa7b5fea2022-02-14 08:46:51.189root 11241100x80000000000000001751822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd1a273de0c7ea92022-02-14 08:46:51.189root 11241100x80000000000000001751823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdb0cbc3fb835bb2022-02-14 08:46:51.189root 11241100x80000000000000001751824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621b167564a1bc512022-02-14 08:46:51.189root 11241100x80000000000000001751825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a218eeb484906802022-02-14 08:46:51.189root 11241100x80000000000000001751826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e141817cea2d90852022-02-14 08:46:51.189root 11241100x80000000000000001751827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6e263037df25d62022-02-14 08:46:51.190root 11241100x80000000000000001751828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb60b8c2b44d74c12022-02-14 08:46:51.190root 11241100x80000000000000001751829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb479c506f91b5e42022-02-14 08:46:51.190root 11241100x80000000000000001751830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e8fd4c4f6e8ab82022-02-14 08:46:51.190root 11241100x80000000000000001751831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500ae8b180770c282022-02-14 08:46:51.190root 11241100x80000000000000001751832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616674785eda809b2022-02-14 08:46:51.190root 11241100x80000000000000001751833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56856cab43a7be42022-02-14 08:46:51.190root 11241100x80000000000000001751834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d0e10d5c27bf5d2022-02-14 08:46:51.190root 11241100x80000000000000001751835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc7ebc67b6fcd492022-02-14 08:46:51.190root 11241100x80000000000000001751836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0f91872dcd173c2022-02-14 08:46:51.190root 11241100x80000000000000001751837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0dda2d99f994292022-02-14 08:46:51.191root 11241100x80000000000000001751838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137ed7958457e76a2022-02-14 08:46:51.191root 11241100x80000000000000001751839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3c404b95a2a2ef2022-02-14 08:46:51.191root 11241100x80000000000000001751840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1685dc26275eb22022-02-14 08:46:51.191root 11241100x80000000000000001751841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33929cea333759a2022-02-14 08:46:51.191root 11241100x80000000000000001751842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30907356023181b82022-02-14 08:46:51.191root 11241100x80000000000000001751843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401298f1dcf4eb922022-02-14 08:46:51.191root 11241100x80000000000000001751844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a4817230e0b3342022-02-14 08:46:51.191root 11241100x80000000000000001751845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dcdf3f2769bab02022-02-14 08:46:51.191root 11241100x80000000000000001751846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067c481ea3c0f17b2022-02-14 08:46:51.192root 11241100x80000000000000001751847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450af3ffd8e3f83a2022-02-14 08:46:51.192root 11241100x80000000000000001751848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce910c805e141fa22022-02-14 08:46:51.192root 11241100x80000000000000001751849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9727074801df922022-02-14 08:46:51.192root 11241100x80000000000000001751850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4069db1cd06c062022-02-14 08:46:51.680root 11241100x80000000000000001751851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2319c555cb91a612022-02-14 08:46:51.680root 11241100x80000000000000001751852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9793c799bf4bcfe52022-02-14 08:46:51.680root 11241100x80000000000000001751853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8f9968a2ae54102022-02-14 08:46:51.680root 11241100x80000000000000001751854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d457cb9e93844e2022-02-14 08:46:51.680root 11241100x80000000000000001751855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd22757f1e9a2ad72022-02-14 08:46:51.681root 11241100x80000000000000001751856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9c8a484d2d13602022-02-14 08:46:51.681root 11241100x80000000000000001751857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f0778b07e183352022-02-14 08:46:51.681root 11241100x80000000000000001751858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0aafd87b6ed6e52022-02-14 08:46:51.681root 11241100x80000000000000001751859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26977417cf36bde2022-02-14 08:46:51.681root 11241100x80000000000000001751860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cd22a6640467e72022-02-14 08:46:51.682root 11241100x80000000000000001751861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8753c9872c857262022-02-14 08:46:51.682root 11241100x80000000000000001751862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb10f4b6aa6fb3062022-02-14 08:46:51.682root 11241100x80000000000000001751863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f3b96a81a108822022-02-14 08:46:51.683root 11241100x80000000000000001751864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27aafe3e3b4880402022-02-14 08:46:51.683root 11241100x80000000000000001751865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67f8e6708cd1a502022-02-14 08:46:51.683root 11241100x80000000000000001751866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ccb0d5a5afaa362022-02-14 08:46:51.683root 11241100x80000000000000001751867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc1ab518ae872ff2022-02-14 08:46:51.683root 11241100x80000000000000001751868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef064b38db27ff2f2022-02-14 08:46:51.684root 11241100x80000000000000001751869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893b30310c0a80412022-02-14 08:46:51.684root 11241100x80000000000000001751870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2ee0f1a76f6a3f2022-02-14 08:46:51.684root 11241100x80000000000000001751871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bec125ed0c530d82022-02-14 08:46:51.684root 11241100x80000000000000001751872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06db7c17f588b9c2022-02-14 08:46:51.684root 11241100x80000000000000001751873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3735e296b439f8b42022-02-14 08:46:51.684root 11241100x80000000000000001751874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d3e7430a2214d32022-02-14 08:46:51.685root 11241100x80000000000000001751875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235103df9e4c187d2022-02-14 08:46:51.685root 11241100x80000000000000001751876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80108fad0829e6ff2022-02-14 08:46:51.685root 11241100x80000000000000001751877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb283abbb41be39e2022-02-14 08:46:51.685root 11241100x80000000000000001751878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bede12d49ad2b92c2022-02-14 08:46:51.685root 11241100x80000000000000001751879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82eacd1954564a4c2022-02-14 08:46:51.685root 11241100x80000000000000001751880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789c05d1cdad4eb82022-02-14 08:46:51.685root 11241100x80000000000000001751881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a846fe8c859f158f2022-02-14 08:46:51.685root 11241100x80000000000000001751882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2da8921765d9a0a2022-02-14 08:46:51.686root 11241100x80000000000000001751883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad9fbccff2b68532022-02-14 08:46:51.686root 11241100x80000000000000001751884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5588b52f954c34122022-02-14 08:46:51.686root 11241100x80000000000000001751885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6845cdf491b89502022-02-14 08:46:51.686root 11241100x80000000000000001751886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f639eff04fd39f2022-02-14 08:46:51.686root 11241100x80000000000000001751887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8e28b63993be0c2022-02-14 08:46:51.686root 11241100x80000000000000001751888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ba0130cc29f6a12022-02-14 08:46:51.686root 11241100x80000000000000001751889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95614bcea9bedbc82022-02-14 08:46:51.686root 11241100x80000000000000001751890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006437b2c99f69c92022-02-14 08:46:51.686root 11241100x80000000000000001751891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26df42a8451499a62022-02-14 08:46:51.686root 11241100x80000000000000001751892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d9bbbed409b0242022-02-14 08:46:51.687root 11241100x80000000000000001751893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14ffa4ca349c0cf2022-02-14 08:46:51.687root 11241100x80000000000000001751894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62194803f253f8f2022-02-14 08:46:51.687root 11241100x80000000000000001751895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58d09c74ef7783f2022-02-14 08:46:51.687root 11241100x80000000000000001751896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5ca5754a9908852022-02-14 08:46:51.688root 11241100x80000000000000001751897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d669ec3d429c3c382022-02-14 08:46:51.688root 11241100x80000000000000001751898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:51.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9178f3309a6f872a2022-02-14 08:46:51.688root 354300x80000000000000001751899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.038{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51546-false10.0.1.12-8000- 11241100x80000000000000001751900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.039{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d8e7c6535916722022-02-14 08:46:52.039root 11241100x80000000000000001751901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.039{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c2397fa4348f5d2022-02-14 08:46:52.039root 11241100x80000000000000001751902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.039{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5346c938f59e88ca2022-02-14 08:46:52.039root 11241100x80000000000000001751903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eabed27cfe2686d2022-02-14 08:46:52.040root 11241100x80000000000000001751904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff478cdd673807902022-02-14 08:46:52.040root 11241100x80000000000000001751905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b618b752643676ae2022-02-14 08:46:52.040root 11241100x80000000000000001751906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2481a032dc5a9842022-02-14 08:46:52.040root 11241100x80000000000000001751907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9100fd21a7d663b82022-02-14 08:46:52.040root 11241100x80000000000000001751908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e019373f58f2d8162022-02-14 08:46:52.040root 11241100x80000000000000001751909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28dad01f2539fd22022-02-14 08:46:52.040root 11241100x80000000000000001751910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.040{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2202fbc58f354f6c2022-02-14 08:46:52.040root 11241100x80000000000000001751911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096c3fea1d72502c2022-02-14 08:46:52.041root 11241100x80000000000000001751912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72f3d8b9aad92102022-02-14 08:46:52.041root 11241100x80000000000000001751913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a13612b6ed1177d2022-02-14 08:46:52.041root 11241100x80000000000000001751914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409a012f0fdd77212022-02-14 08:46:52.041root 11241100x80000000000000001751915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6d52689cf5fb4e2022-02-14 08:46:52.041root 11241100x80000000000000001751916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3255c810603a7f012022-02-14 08:46:52.041root 11241100x80000000000000001751917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736538dc8a82ad2a2022-02-14 08:46:52.041root 11241100x80000000000000001751918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df619511e4f2b7e62022-02-14 08:46:52.041root 11241100x80000000000000001751919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785a6b55480cf3db2022-02-14 08:46:52.041root 11241100x80000000000000001751920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.041{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de0cb7fa1dfc52f2022-02-14 08:46:52.041root 11241100x80000000000000001751921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.042{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da467076e1ba7d9f2022-02-14 08:46:52.042root 11241100x80000000000000001751922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.042{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119f3aeba1f6c8ee2022-02-14 08:46:52.042root 11241100x80000000000000001751923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.042{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e152a7d6b8f30b5c2022-02-14 08:46:52.042root 11241100x80000000000000001751924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.042{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef21a9b6e0279bf2022-02-14 08:46:52.042root 11241100x80000000000000001751925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.042{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca39c20b7d0eede12022-02-14 08:46:52.042root 11241100x80000000000000001751926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.042{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583cbce22454a1462022-02-14 08:46:52.042root 11241100x80000000000000001751927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.042{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6345d013491e7fa42022-02-14 08:46:52.042root 11241100x80000000000000001751928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.042{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc931da29f5c5652022-02-14 08:46:52.042root 11241100x80000000000000001751929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.042{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcd9feb5ef13c8f2022-02-14 08:46:52.042root 11241100x80000000000000001751930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.042{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399fb05bb64953032022-02-14 08:46:52.042root 11241100x80000000000000001751931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9b173c5cff34a92022-02-14 08:46:52.043root 11241100x80000000000000001751932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6044d6a7b2b30f1e2022-02-14 08:46:52.043root 11241100x80000000000000001751933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbee444dae5e90912022-02-14 08:46:52.043root 11241100x80000000000000001751934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec91562a8cad6112022-02-14 08:46:52.043root 11241100x80000000000000001751935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcd02dcc8e7bda82022-02-14 08:46:52.043root 11241100x80000000000000001751936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.043{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9082ffc86514bc572022-02-14 08:46:52.043root 11241100x80000000000000001751937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.044{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601e716017c840242022-02-14 08:46:52.044root 11241100x80000000000000001751938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.044{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd4b19b9c14054e2022-02-14 08:46:52.044root 11241100x80000000000000001751939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.044{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970b35b1320e205b2022-02-14 08:46:52.044root 11241100x80000000000000001751940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.045{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5608333d8fb51f2022-02-14 08:46:52.045root 11241100x80000000000000001751941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.045{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabdbbe44bebf4662022-02-14 08:46:52.045root 11241100x80000000000000001751942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.045{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0697a1cf8dbde32022-02-14 08:46:52.045root 11241100x80000000000000001751943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.045{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0529019324f0d72022-02-14 08:46:52.045root 11241100x80000000000000001751944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050e8b5e9a4a71972022-02-14 08:46:52.046root 11241100x80000000000000001751945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4167652582d83172022-02-14 08:46:52.046root 11241100x80000000000000001751946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4e2521a3b62f632022-02-14 08:46:52.046root 11241100x80000000000000001751947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f054d9e836ceb3772022-02-14 08:46:52.046root 11241100x80000000000000001751948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9039a53625c50a12022-02-14 08:46:52.046root 11241100x80000000000000001751949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912be58b7469e71d2022-02-14 08:46:52.046root 11241100x80000000000000001751950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ba241054bb76842022-02-14 08:46:52.046root 11241100x80000000000000001751951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.047{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2079245d7ab2122022-02-14 08:46:52.047root 11241100x80000000000000001751952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.047{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19850e02bc10166f2022-02-14 08:46:52.047root 11241100x80000000000000001751953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731baa297ea9bfe92022-02-14 08:46:52.430root 11241100x80000000000000001751954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a4a7d3eb781aef2022-02-14 08:46:52.430root 11241100x80000000000000001751955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60adf93e526814a2022-02-14 08:46:52.431root 11241100x80000000000000001751956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e1c128d8c993bf2022-02-14 08:46:52.431root 11241100x80000000000000001751957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2469e9fb3762df6b2022-02-14 08:46:52.431root 11241100x80000000000000001751958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e541e049d1e9e6e2022-02-14 08:46:52.431root 11241100x80000000000000001751959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe6f905b257dd962022-02-14 08:46:52.432root 11241100x80000000000000001751960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959e1b0330be52fd2022-02-14 08:46:52.432root 11241100x80000000000000001751961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a64b7c13fdefddf2022-02-14 08:46:52.432root 11241100x80000000000000001751962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c24b3796eccc632022-02-14 08:46:52.433root 11241100x80000000000000001751963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2604fcae43116542022-02-14 08:46:52.433root 11241100x80000000000000001751964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10008ada4f09d512022-02-14 08:46:52.433root 11241100x80000000000000001751965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2abe157200109562022-02-14 08:46:52.434root 11241100x80000000000000001751966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2752c5faf5cd252022-02-14 08:46:52.434root 11241100x80000000000000001751967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67ae9586c1868662022-02-14 08:46:52.434root 11241100x80000000000000001751968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0cdb1ca8ad7a722022-02-14 08:46:52.435root 11241100x80000000000000001751969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b76067b5ddae752022-02-14 08:46:52.435root 11241100x80000000000000001751970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7dfa228921133e2022-02-14 08:46:52.435root 11241100x80000000000000001751971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe04bfb60d335dd42022-02-14 08:46:52.435root 11241100x80000000000000001751972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1fa78ea47262b52022-02-14 08:46:52.435root 11241100x80000000000000001751973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef16a2946625c3b2022-02-14 08:46:52.436root 11241100x80000000000000001751974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b631da12dcbd4f902022-02-14 08:46:52.436root 11241100x80000000000000001751975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fe06c48a00fed62022-02-14 08:46:52.436root 11241100x80000000000000001751976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de1439ed36e1be02022-02-14 08:46:52.437root 11241100x80000000000000001751977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddbcfa11b267b112022-02-14 08:46:52.437root 11241100x80000000000000001751978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e680c51737732522022-02-14 08:46:52.437root 11241100x80000000000000001751979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd8e61c678a58dd2022-02-14 08:46:52.437root 11241100x80000000000000001751980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efdaf475d4ddd8b2022-02-14 08:46:52.437root 11241100x80000000000000001751981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43558f245501a5552022-02-14 08:46:52.437root 11241100x80000000000000001751982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8758ee7d92ed3b432022-02-14 08:46:52.438root 11241100x80000000000000001751983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1506ca396688a02022-02-14 08:46:52.438root 11241100x80000000000000001751984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ecbade5c02be6d2022-02-14 08:46:52.438root 11241100x80000000000000001751985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42bd3c36724d565c2022-02-14 08:46:52.438root 11241100x80000000000000001751986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7f7c347097afb42022-02-14 08:46:52.438root 11241100x80000000000000001751987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fe4cec1d7f27c12022-02-14 08:46:52.438root 11241100x80000000000000001751988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c83f2dfc03897ae2022-02-14 08:46:52.438root 11241100x80000000000000001751989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce5de7f669ae0c82022-02-14 08:46:52.438root 11241100x80000000000000001751990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40495633c0b546212022-02-14 08:46:52.439root 11241100x80000000000000001751991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f0bbf882cdd0732022-02-14 08:46:52.439root 11241100x80000000000000001751992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7f700d764f2c012022-02-14 08:46:52.439root 11241100x80000000000000001751993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db081537c36d26d2022-02-14 08:46:52.439root 11241100x80000000000000001751994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac1902eceb62c112022-02-14 08:46:52.439root 11241100x80000000000000001751995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fe65c59c3ab5922022-02-14 08:46:52.439root 11241100x80000000000000001751996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b2dcd7b137857b2022-02-14 08:46:52.439root 11241100x80000000000000001751997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d5b50d0a48af462022-02-14 08:46:52.439root 11241100x80000000000000001751998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1beba8496b226a2022-02-14 08:46:52.439root 11241100x80000000000000001751999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b941a90310c0f82022-02-14 08:46:52.439root 11241100x80000000000000001752000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d2ee64c8ceb9622022-02-14 08:46:52.439root 11241100x80000000000000001752001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9bf13d5ab835522022-02-14 08:46:52.440root 11241100x80000000000000001752002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93f14cd2e91dafa2022-02-14 08:46:52.440root 11241100x80000000000000001752003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13dc585ddbbce2832022-02-14 08:46:52.440root 11241100x80000000000000001752004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4783c642eff46e8f2022-02-14 08:46:52.440root 11241100x80000000000000001752005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a57ce993c3a5e12022-02-14 08:46:52.440root 11241100x80000000000000001752006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f395bf4717cd96f2022-02-14 08:46:52.440root 11241100x80000000000000001752007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a545f3d3185d99b2022-02-14 08:46:52.440root 11241100x80000000000000001752008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b3d182fd22992f2022-02-14 08:46:52.441root 11241100x80000000000000001752009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46a5b177209d47c2022-02-14 08:46:52.441root 11241100x80000000000000001752010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c810b24f316a862022-02-14 08:46:52.441root 11241100x80000000000000001752011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d16a36f9ae56602022-02-14 08:46:52.441root 11241100x80000000000000001752012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7b96561fb7cfa72022-02-14 08:46:52.441root 11241100x80000000000000001752013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3077f33ec22af92022-02-14 08:46:52.441root 11241100x80000000000000001752014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e3f4110faa5b3e2022-02-14 08:46:52.441root 11241100x80000000000000001752015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544c90dc9ca0d7602022-02-14 08:46:52.441root 11241100x80000000000000001752016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8764de30c2e1522022-02-14 08:46:52.442root 11241100x80000000000000001752017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a23f07459772b442022-02-14 08:46:52.442root 11241100x80000000000000001752018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.442{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b27ce96897081e52022-02-14 08:46:52.442root 11241100x80000000000000001752019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7372cf48b25023c32022-02-14 08:46:52.932root 11241100x80000000000000001752020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504ac53676faee8a2022-02-14 08:46:52.932root 11241100x80000000000000001752021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fcbb8e666586c72022-02-14 08:46:52.932root 11241100x80000000000000001752022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d707ed1ce0c3ed2022-02-14 08:46:52.932root 11241100x80000000000000001752023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29171d166d3585e82022-02-14 08:46:52.933root 11241100x80000000000000001752024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8852fcc96643eef02022-02-14 08:46:52.933root 11241100x80000000000000001752025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467e8f75b463f93b2022-02-14 08:46:52.933root 11241100x80000000000000001752026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177dbb1c24b05fe82022-02-14 08:46:52.933root 11241100x80000000000000001752027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6a19d9fff7f2bd2022-02-14 08:46:52.933root 11241100x80000000000000001752028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef9b3ded4cf2bb22022-02-14 08:46:52.933root 11241100x80000000000000001752029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8735963212704aec2022-02-14 08:46:52.933root 11241100x80000000000000001752030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f48a07e9c95ea32022-02-14 08:46:52.934root 11241100x80000000000000001752031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f61fd5198991fe2022-02-14 08:46:52.934root 11241100x80000000000000001752032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3cb71e34bb42122022-02-14 08:46:52.934root 11241100x80000000000000001752033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34df1e2657bea8692022-02-14 08:46:52.934root 11241100x80000000000000001752034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41678ed1272bb3832022-02-14 08:46:52.934root 11241100x80000000000000001752035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc97a47acf0b1ea12022-02-14 08:46:52.934root 11241100x80000000000000001752036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da4e75670c0fdfd2022-02-14 08:46:52.934root 11241100x80000000000000001752037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7ddd04ccce58412022-02-14 08:46:52.934root 11241100x80000000000000001752038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fed5e3b37b3c5432022-02-14 08:46:52.935root 11241100x80000000000000001752039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9fe2a612a27adc2022-02-14 08:46:52.935root 11241100x80000000000000001752040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30bd66859b687732022-02-14 08:46:52.935root 11241100x80000000000000001752041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2356f0a91912bb62022-02-14 08:46:52.935root 11241100x80000000000000001752042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f55057c826eff832022-02-14 08:46:52.935root 11241100x80000000000000001752043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357a31f4856567472022-02-14 08:46:52.935root 11241100x80000000000000001752044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e738297b99d091c2022-02-14 08:46:52.939root 11241100x80000000000000001752045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cdef8b3bd77fd72022-02-14 08:46:52.940root 11241100x80000000000000001752046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c911be3c24e71f402022-02-14 08:46:52.941root 11241100x80000000000000001752047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e80b1b4f2233712022-02-14 08:46:52.941root 11241100x80000000000000001752048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd278c49e437ca42022-02-14 08:46:52.941root 11241100x80000000000000001752049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.942{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0ac7d0fca11fd32022-02-14 08:46:52.942root 11241100x80000000000000001752050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.942{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c746f02b346fa92022-02-14 08:46:52.942root 11241100x80000000000000001752051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.942{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6e5e0f834337072022-02-14 08:46:52.942root 11241100x80000000000000001752052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.942{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c031e4fbfd008e12022-02-14 08:46:52.942root 11241100x80000000000000001752053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.942{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649ecdc6e03e29652022-02-14 08:46:52.942root 11241100x80000000000000001752054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.943{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9c65b75b1bcf0d2022-02-14 08:46:52.943root 11241100x80000000000000001752055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.944{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd467236f9f99482022-02-14 08:46:52.944root 11241100x80000000000000001752056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.944{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c261bb8520efdf8e2022-02-14 08:46:52.944root 11241100x80000000000000001752057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.944{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc7374bace17b522022-02-14 08:46:52.944root 11241100x80000000000000001752058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.944{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f853e4ca89865e4b2022-02-14 08:46:52.944root 11241100x80000000000000001752059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.944{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379a2f83753f288f2022-02-14 08:46:52.944root 11241100x80000000000000001752060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.944{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7053c89803c0e2262022-02-14 08:46:52.944root 11241100x80000000000000001752061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.944{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f642edf775d61d872022-02-14 08:46:52.944root 11241100x80000000000000001752062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.946{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e3cfa73933a0732022-02-14 08:46:52.946root 11241100x80000000000000001752063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.946{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b768f1d3c6ffcfa52022-02-14 08:46:52.946root 11241100x80000000000000001752064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:52.946{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79e9cdeed989d232022-02-14 08:46:52.946root 11241100x80000000000000001752065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167d1619acd2efa52022-02-14 08:46:53.430root 11241100x80000000000000001752066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb121082278fb8d2022-02-14 08:46:53.430root 11241100x80000000000000001752067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8930b0c5699af77d2022-02-14 08:46:53.431root 11241100x80000000000000001752068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f95dc6cd90daa52022-02-14 08:46:53.431root 11241100x80000000000000001752069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29a311aad0225662022-02-14 08:46:53.431root 11241100x80000000000000001752070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e8f39d61e3acb22022-02-14 08:46:53.431root 11241100x80000000000000001752071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee8803c5a1cafb72022-02-14 08:46:53.431root 11241100x80000000000000001752072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e70e26c2f26d0b52022-02-14 08:46:53.431root 11241100x80000000000000001752073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde2cc455aee7b032022-02-14 08:46:53.432root 11241100x80000000000000001752074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ef162e9436171f2022-02-14 08:46:53.432root 11241100x80000000000000001752075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b924217b02ca372022-02-14 08:46:53.432root 11241100x80000000000000001752076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f202a79cce9725192022-02-14 08:46:53.433root 11241100x80000000000000001752077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d2e6a0aaa697802022-02-14 08:46:53.433root 11241100x80000000000000001752078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cd4f36d5371ec22022-02-14 08:46:53.434root 11241100x80000000000000001752079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508d6b61855c08f42022-02-14 08:46:53.434root 11241100x80000000000000001752080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5085519c74c9b4c2022-02-14 08:46:53.434root 11241100x80000000000000001752081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9ca8ddac4ad9ee2022-02-14 08:46:53.434root 11241100x80000000000000001752082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d70ed19ec5190f22022-02-14 08:46:53.434root 11241100x80000000000000001752083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854744a0d446e77c2022-02-14 08:46:53.434root 11241100x80000000000000001752084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd2fd548a8f02102022-02-14 08:46:53.435root 11241100x80000000000000001752085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f4198010b2108b2022-02-14 08:46:53.435root 11241100x80000000000000001752086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ad78c2e9458d292022-02-14 08:46:53.435root 11241100x80000000000000001752087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070b5d382c6c87312022-02-14 08:46:53.435root 11241100x80000000000000001752088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf5d984aee9753a2022-02-14 08:46:53.435root 11241100x80000000000000001752089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2411ff1e8265e52022-02-14 08:46:53.435root 11241100x80000000000000001752090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b45754e16d6620a2022-02-14 08:46:53.435root 11241100x80000000000000001752091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ebbef01b09eac62022-02-14 08:46:53.435root 11241100x80000000000000001752092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e8e7da49e1a3b32022-02-14 08:46:53.436root 11241100x80000000000000001752093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1d8cac167b36d82022-02-14 08:46:53.436root 11241100x80000000000000001752094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a2b5d333de80222022-02-14 08:46:53.436root 11241100x80000000000000001752095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f4236bfe9c6c2c2022-02-14 08:46:53.436root 11241100x80000000000000001752096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3237e1726639b22022-02-14 08:46:53.436root 11241100x80000000000000001752097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafbc8fe6f860b1b2022-02-14 08:46:53.437root 11241100x80000000000000001752098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2b80f49e5f33c62022-02-14 08:46:53.437root 11241100x80000000000000001752099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d71a6296c022602022-02-14 08:46:53.437root 11241100x80000000000000001752100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326ea09369e491192022-02-14 08:46:53.437root 11241100x80000000000000001752101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fb88775f3ffbe02022-02-14 08:46:53.437root 11241100x80000000000000001752102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732e27f040cf293b2022-02-14 08:46:53.438root 11241100x80000000000000001752103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302ab13b20ddd1dc2022-02-14 08:46:53.438root 11241100x80000000000000001752104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5d65109db51c792022-02-14 08:46:53.438root 11241100x80000000000000001752105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3bc149eabeec502022-02-14 08:46:53.438root 11241100x80000000000000001752106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6f8b3bd052e5c12022-02-14 08:46:53.438root 11241100x80000000000000001752107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4304d58d3f56c4dc2022-02-14 08:46:53.438root 11241100x80000000000000001752108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48037ae178ed77152022-02-14 08:46:53.439root 11241100x80000000000000001752109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f4d6c5c353aa1e2022-02-14 08:46:53.439root 11241100x80000000000000001752110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07e36f2106dcb322022-02-14 08:46:53.439root 11241100x80000000000000001752111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bcc92166dd70862022-02-14 08:46:53.439root 11241100x80000000000000001752112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69876e26145b7d282022-02-14 08:46:53.439root 11241100x80000000000000001752113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.439{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ff961b61e603dd2022-02-14 08:46:53.439root 11241100x80000000000000001752114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048d83262aab51842022-02-14 08:46:53.440root 11241100x80000000000000001752115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e69e1101d6c74fa2022-02-14 08:46:53.440root 11241100x80000000000000001752116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503878fa1892f3332022-02-14 08:46:53.440root 11241100x80000000000000001752117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3c1e0ee8560cff2022-02-14 08:46:53.440root 11241100x80000000000000001752118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e78b4cb2b788622022-02-14 08:46:53.440root 11241100x80000000000000001752119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.440{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a8b1700cb878672022-02-14 08:46:53.440root 11241100x80000000000000001752120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb130e108f3913772022-02-14 08:46:53.441root 11241100x80000000000000001752121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdba38de226776c2022-02-14 08:46:53.441root 11241100x80000000000000001752122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.441{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5e7ba4da91e4a42022-02-14 08:46:53.441root 11241100x80000000000000001752123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd7076fbd73ddb62022-02-14 08:46:53.930root 11241100x80000000000000001752124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ee5c3e1de917de2022-02-14 08:46:53.931root 11241100x80000000000000001752125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14988f26ac9557952022-02-14 08:46:53.931root 11241100x80000000000000001752126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2000c9dd203b9a112022-02-14 08:46:53.931root 11241100x80000000000000001752127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f7ebb78a1cbfaf2022-02-14 08:46:53.931root 11241100x80000000000000001752128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9870bcddc7a01d7b2022-02-14 08:46:53.932root 11241100x80000000000000001752129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640362878a0e27422022-02-14 08:46:53.932root 11241100x80000000000000001752130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20973e2c15b71742022-02-14 08:46:53.932root 11241100x80000000000000001752131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea877dabbe2daaf2022-02-14 08:46:53.932root 11241100x80000000000000001752132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99a4881933700cb2022-02-14 08:46:53.933root 11241100x80000000000000001752133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ec781c883f3d7f2022-02-14 08:46:53.933root 11241100x80000000000000001752134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562d302e259600f12022-02-14 08:46:53.933root 11241100x80000000000000001752135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad869155a22e75672022-02-14 08:46:53.934root 11241100x80000000000000001752136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358f39397312704c2022-02-14 08:46:53.934root 11241100x80000000000000001752137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c533b5a92658c72022-02-14 08:46:53.936root 11241100x80000000000000001752138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b659769c859778332022-02-14 08:46:53.936root 11241100x80000000000000001752139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337acce1ffc68e5a2022-02-14 08:46:53.936root 11241100x80000000000000001752140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125f10d0c77b43a22022-02-14 08:46:53.936root 11241100x80000000000000001752141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde42b3d4ed507b32022-02-14 08:46:53.937root 11241100x80000000000000001752142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac10f42db34903d2022-02-14 08:46:53.937root 11241100x80000000000000001752143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b561c3677559162022-02-14 08:46:53.937root 11241100x80000000000000001752144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122eee3625d910012022-02-14 08:46:53.937root 11241100x80000000000000001752145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9887ca13a4d26f52022-02-14 08:46:53.937root 11241100x80000000000000001752146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d208cdd7c6d8fd2d2022-02-14 08:46:53.937root 11241100x80000000000000001752147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9551d8bfd2477182022-02-14 08:46:53.937root 11241100x80000000000000001752148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e13e11490603902022-02-14 08:46:53.938root 11241100x80000000000000001752149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069ac15810b326092022-02-14 08:46:53.938root 11241100x80000000000000001752150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3a4e8dbf146ac02022-02-14 08:46:53.938root 11241100x80000000000000001752151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e437359e830cca2022-02-14 08:46:53.938root 11241100x80000000000000001752152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de10f42accc0adf12022-02-14 08:46:53.938root 11241100x80000000000000001752153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053b0447b33a80582022-02-14 08:46:53.938root 11241100x80000000000000001752154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdb0a5004c104fa2022-02-14 08:46:53.938root 11241100x80000000000000001752155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c89c49e753ff6372022-02-14 08:46:53.938root 11241100x80000000000000001752156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb596c19aa019132022-02-14 08:46:53.938root 11241100x80000000000000001752157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6967017be4f767b72022-02-14 08:46:53.938root 11241100x80000000000000001752158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c954bc18612720512022-02-14 08:46:53.939root 11241100x80000000000000001752159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d2bd0ddf637bfa2022-02-14 08:46:53.939root 11241100x80000000000000001752160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6afe4b71b5fd9b02022-02-14 08:46:53.939root 11241100x80000000000000001752161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bbe27c5a6479732022-02-14 08:46:53.939root 11241100x80000000000000001752162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01b60c5568b3ac52022-02-14 08:46:53.939root 11241100x80000000000000001752163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744fcc374a62c7032022-02-14 08:46:53.939root 11241100x80000000000000001752164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127a7804a9ce55a02022-02-14 08:46:53.939root 11241100x80000000000000001752165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89c947a24def3b92022-02-14 08:46:53.939root 11241100x80000000000000001752166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c56b6c624b264a2022-02-14 08:46:53.939root 11241100x80000000000000001752167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3a432c77abede12022-02-14 08:46:53.939root 11241100x80000000000000001752168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f635241039e7642022-02-14 08:46:53.939root 11241100x80000000000000001752169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b882d0193cf49e692022-02-14 08:46:53.940root 11241100x80000000000000001752170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efb36fcae6f92972022-02-14 08:46:53.940root 11241100x80000000000000001752171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4315849ead67dae12022-02-14 08:46:53.940root 11241100x80000000000000001752172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b1b7a71b554ca12022-02-14 08:46:53.940root 11241100x80000000000000001752173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:53.940{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9297131ee14a0f942022-02-14 08:46:53.940root 11241100x80000000000000001752174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c7880f92652f312022-02-14 08:46:54.430root 11241100x80000000000000001752175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f466c07b15cccd62022-02-14 08:46:54.430root 11241100x80000000000000001752176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d754eb30ec24d82022-02-14 08:46:54.430root 11241100x80000000000000001752177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc1b6443f12e3d62022-02-14 08:46:54.430root 11241100x80000000000000001752178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7567a7cbad99342022-02-14 08:46:54.430root 11241100x80000000000000001752179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3269e7768f47b91a2022-02-14 08:46:54.430root 11241100x80000000000000001752180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc49c5755740c7682022-02-14 08:46:54.430root 11241100x80000000000000001752181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070be823eb3805802022-02-14 08:46:54.430root 11241100x80000000000000001752182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fa0a1a5197b74b2022-02-14 08:46:54.430root 11241100x80000000000000001752183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6151bff2c1dbfeb62022-02-14 08:46:54.431root 11241100x80000000000000001752184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8e35bc852be2232022-02-14 08:46:54.431root 11241100x80000000000000001752185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e7743890042ab02022-02-14 08:46:54.431root 11241100x80000000000000001752186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f24b99e29d0c8d32022-02-14 08:46:54.431root 11241100x80000000000000001752187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69256b2e0c1aded2022-02-14 08:46:54.431root 11241100x80000000000000001752188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030c9faa88d44cde2022-02-14 08:46:54.431root 11241100x80000000000000001752189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7355a5b04454128d2022-02-14 08:46:54.431root 11241100x80000000000000001752190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f103cbc853bb8fb2022-02-14 08:46:54.431root 11241100x80000000000000001752191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a307e7be078aa5512022-02-14 08:46:54.431root 11241100x80000000000000001752192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98dea5d520a71c542022-02-14 08:46:54.431root 11241100x80000000000000001752193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f248c4596be0e92022-02-14 08:46:54.432root 11241100x80000000000000001752194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe6108d0ed57f3f2022-02-14 08:46:54.432root 11241100x80000000000000001752195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9296000738d433ea2022-02-14 08:46:54.432root 11241100x80000000000000001752196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d989f266e3b35da2022-02-14 08:46:54.432root 11241100x80000000000000001752197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6942364008fb90582022-02-14 08:46:54.432root 11241100x80000000000000001752198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69cd660cc9991392022-02-14 08:46:54.432root 11241100x80000000000000001752199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9e71e525cece2f2022-02-14 08:46:54.432root 11241100x80000000000000001752200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e9d7500c3dfcf52022-02-14 08:46:54.432root 11241100x80000000000000001752201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc243d5156d47bc32022-02-14 08:46:54.432root 11241100x80000000000000001752202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec600b207f8d6e62022-02-14 08:46:54.433root 11241100x80000000000000001752203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40122f563c439b3a2022-02-14 08:46:54.433root 11241100x80000000000000001752204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4458512d4427042022-02-14 08:46:54.433root 11241100x80000000000000001752205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3209d8e0270854c72022-02-14 08:46:54.433root 11241100x80000000000000001752206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73bcfe98770b08b2022-02-14 08:46:54.433root 11241100x80000000000000001752207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d8848d4b63ec9b2022-02-14 08:46:54.434root 11241100x80000000000000001752208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0669036fb99dbc652022-02-14 08:46:54.434root 11241100x80000000000000001752209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19dd0849fe43d0d22022-02-14 08:46:54.434root 11241100x80000000000000001752210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2d868ae142dfa52022-02-14 08:46:54.434root 11241100x80000000000000001752211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4582a01185b82d7c2022-02-14 08:46:54.434root 11241100x80000000000000001752212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ec8c1f38b2d8002022-02-14 08:46:54.434root 11241100x80000000000000001752213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6431e957fbb8092022-02-14 08:46:54.434root 11241100x80000000000000001752214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded3883a7de9ca082022-02-14 08:46:54.434root 11241100x80000000000000001752215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d2b362d90825902022-02-14 08:46:54.435root 11241100x80000000000000001752216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f968e53d54aad48d2022-02-14 08:46:54.435root 11241100x80000000000000001752217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30e8986ec33dbbc2022-02-14 08:46:54.435root 11241100x80000000000000001752218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ff055a6996aa8a2022-02-14 08:46:54.435root 11241100x80000000000000001752219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10d2d304a8fedd62022-02-14 08:46:54.436root 11241100x80000000000000001752220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b06beb41ea864f12022-02-14 08:46:54.436root 11241100x80000000000000001752221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bb45ba8e86efc22022-02-14 08:46:54.436root 11241100x80000000000000001752222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa08702d4aa4688c2022-02-14 08:46:54.436root 11241100x80000000000000001752223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a1e602d9e2ce052022-02-14 08:46:54.437root 11241100x80000000000000001752224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aca28ce5e856af2022-02-14 08:46:54.437root 11241100x80000000000000001752225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102f948ea76aa9ae2022-02-14 08:46:54.930root 11241100x80000000000000001752226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc94908458456f42022-02-14 08:46:54.930root 11241100x80000000000000001752227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf00b7b703da8eb2022-02-14 08:46:54.930root 11241100x80000000000000001752228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21158ad9ed9281692022-02-14 08:46:54.930root 11241100x80000000000000001752229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8b807818e436a42022-02-14 08:46:54.931root 11241100x80000000000000001752230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8752b4163c50725e2022-02-14 08:46:54.931root 11241100x80000000000000001752231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d72dc61c0b859c2022-02-14 08:46:54.931root 11241100x80000000000000001752232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d84ef6c70ae793a2022-02-14 08:46:54.931root 11241100x80000000000000001752233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2892ef46d856262022-02-14 08:46:54.931root 11241100x80000000000000001752234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae5a8688f4c23762022-02-14 08:46:54.932root 11241100x80000000000000001752235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d5d15af010ea422022-02-14 08:46:54.932root 11241100x80000000000000001752236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1717eb26f4155a5e2022-02-14 08:46:54.932root 11241100x80000000000000001752237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2328e1a749e165bc2022-02-14 08:46:54.932root 11241100x80000000000000001752238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a178804c27071c2022-02-14 08:46:54.933root 11241100x80000000000000001752239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d031d744cae54902022-02-14 08:46:54.933root 11241100x80000000000000001752240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe295745facee53b2022-02-14 08:46:54.933root 11241100x80000000000000001752241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db756ab902c84322022-02-14 08:46:54.934root 11241100x80000000000000001752242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892a06704e63d8f32022-02-14 08:46:54.934root 11241100x80000000000000001752243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29c48021579bffe2022-02-14 08:46:54.934root 11241100x80000000000000001752244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ca702c334bda112022-02-14 08:46:54.934root 11241100x80000000000000001752245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec937a10af2154db2022-02-14 08:46:54.935root 11241100x80000000000000001752246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b421924e0892332022-02-14 08:46:54.935root 11241100x80000000000000001752247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dadbcd590f45fb32022-02-14 08:46:54.935root 11241100x80000000000000001752248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dd67e7336b443f2022-02-14 08:46:54.935root 11241100x80000000000000001752249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce332604a05604822022-02-14 08:46:54.935root 11241100x80000000000000001752250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf28f2b6a1d69aa2022-02-14 08:46:54.936root 11241100x80000000000000001752251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acc8f3b34640fce2022-02-14 08:46:54.936root 11241100x80000000000000001752252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc0733f6ba5eb962022-02-14 08:46:54.936root 11241100x80000000000000001752253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42733a15af01ab3c2022-02-14 08:46:54.936root 11241100x80000000000000001752254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c625f19513b91e612022-02-14 08:46:54.936root 11241100x80000000000000001752255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fffff3613c6f69c2022-02-14 08:46:54.936root 11241100x80000000000000001752256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a4feff30fe2a822022-02-14 08:46:54.936root 11241100x80000000000000001752257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ed5e31f84c129f2022-02-14 08:46:54.937root 11241100x80000000000000001752258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b56ca5e9339fd932022-02-14 08:46:54.937root 11241100x80000000000000001752259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e334f58fb0e7b2f2022-02-14 08:46:54.937root 11241100x80000000000000001752260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfe299cdd5ce37f2022-02-14 08:46:54.937root 11241100x80000000000000001752261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01432228d5e272a22022-02-14 08:46:54.937root 11241100x80000000000000001752262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44de7b6950b0ef92022-02-14 08:46:54.937root 11241100x80000000000000001752263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7f5e724d0c468d2022-02-14 08:46:54.937root 11241100x80000000000000001752264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdad4d9b29e63092022-02-14 08:46:54.937root 11241100x80000000000000001752265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087d01dc8b2886762022-02-14 08:46:54.938root 11241100x80000000000000001752266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45d186273c738e72022-02-14 08:46:54.938root 11241100x80000000000000001752267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425aa515b00066022022-02-14 08:46:54.938root 11241100x80000000000000001752268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0fda99bc5313d82022-02-14 08:46:54.938root 11241100x80000000000000001752269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f07cf2e51d38b1e2022-02-14 08:46:54.938root 11241100x80000000000000001752270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0724600a55613acc2022-02-14 08:46:54.938root 11241100x80000000000000001752271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94ff548b000dcad2022-02-14 08:46:54.938root 11241100x80000000000000001752272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544cb95d50b89e5b2022-02-14 08:46:54.938root 11241100x80000000000000001752273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb3d9aa5bade72b2022-02-14 08:46:54.939root 11241100x80000000000000001752274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aec26d857bba53b2022-02-14 08:46:54.939root 11241100x80000000000000001752275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5d21a625ca4a302022-02-14 08:46:54.939root 11241100x80000000000000001752276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1916ae0f0a272b72022-02-14 08:46:54.939root 11241100x80000000000000001752277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775da00a2f613b882022-02-14 08:46:54.939root 11241100x80000000000000001752278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462ffb34adb0dc862022-02-14 08:46:54.939root 11241100x80000000000000001752279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbef1774e7005212022-02-14 08:46:54.939root 11241100x80000000000000001752280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:54.939{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8426188f634ae8032022-02-14 08:46:54.939root 11241100x80000000000000001752281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d3824fbd859b212022-02-14 08:46:55.430root 11241100x80000000000000001752282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb1a1d4a9ca657b2022-02-14 08:46:55.430root 11241100x80000000000000001752283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9371c4a36ad8a2aa2022-02-14 08:46:55.430root 11241100x80000000000000001752284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9348d12ffc5c27b2022-02-14 08:46:55.431root 11241100x80000000000000001752285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4975e4b26862cb552022-02-14 08:46:55.431root 11241100x80000000000000001752286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72022837efe608f12022-02-14 08:46:55.431root 11241100x80000000000000001752287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d210bcadb989ac322022-02-14 08:46:55.431root 11241100x80000000000000001752288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e318cbd7ec6b07c2022-02-14 08:46:55.432root 11241100x80000000000000001752289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e9657310e3da772022-02-14 08:46:55.432root 11241100x80000000000000001752290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9939938832f65c982022-02-14 08:46:55.432root 11241100x80000000000000001752291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea52c6bbf1c1cd12022-02-14 08:46:55.432root 11241100x80000000000000001752292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0cbb34655754d42022-02-14 08:46:55.432root 11241100x80000000000000001752293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e4864f1769eb3d2022-02-14 08:46:55.433root 11241100x80000000000000001752294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657d95830c8e7cfc2022-02-14 08:46:55.433root 11241100x80000000000000001752295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbb6bd851f300912022-02-14 08:46:55.433root 11241100x80000000000000001752296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c818693e54d55d8c2022-02-14 08:46:55.433root 11241100x80000000000000001752297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d07b634fae95a92022-02-14 08:46:55.433root 11241100x80000000000000001752298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7794d9471ce4af962022-02-14 08:46:55.433root 11241100x80000000000000001752299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092bdb549ec50b5f2022-02-14 08:46:55.434root 11241100x80000000000000001752300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbee43b74f9e4cd2022-02-14 08:46:55.434root 11241100x80000000000000001752301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a45558a002859de2022-02-14 08:46:55.434root 11241100x80000000000000001752302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5cbafada6dfe4a2022-02-14 08:46:55.434root 11241100x80000000000000001752303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac12cf3fab6b1962022-02-14 08:46:55.434root 11241100x80000000000000001752304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be25d229acf44922022-02-14 08:46:55.434root 11241100x80000000000000001752305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdeeedcab2f7c202022-02-14 08:46:55.434root 11241100x80000000000000001752306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c239bc18828c2e312022-02-14 08:46:55.435root 11241100x80000000000000001752307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b2c86a6e3820342022-02-14 08:46:55.435root 11241100x80000000000000001752308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebab196508e403b2022-02-14 08:46:55.435root 11241100x80000000000000001752309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93431e2cdfe7bdf2022-02-14 08:46:55.435root 11241100x80000000000000001752310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0128aeb946b557ce2022-02-14 08:46:55.435root 11241100x80000000000000001752311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a4bad0bea3cf672022-02-14 08:46:55.435root 11241100x80000000000000001752312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbf970e807d0a6b2022-02-14 08:46:55.435root 11241100x80000000000000001752313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2558b6266ee5da6e2022-02-14 08:46:55.435root 11241100x80000000000000001752314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbfda42875074322022-02-14 08:46:55.436root 11241100x80000000000000001752315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66807d66fc68cf2e2022-02-14 08:46:55.436root 11241100x80000000000000001752316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fca0b514e93a8ae2022-02-14 08:46:55.436root 11241100x80000000000000001752317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb8b907e52469542022-02-14 08:46:55.436root 11241100x80000000000000001752318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7eb82bab62f14a2022-02-14 08:46:55.436root 11241100x80000000000000001752319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67289d9de0a122e72022-02-14 08:46:55.436root 11241100x80000000000000001752320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1646bcefde89132022-02-14 08:46:55.436root 11241100x80000000000000001752321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9eb33ee1835ed92022-02-14 08:46:55.436root 11241100x80000000000000001752322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8be8e7c481aca42022-02-14 08:46:55.436root 11241100x80000000000000001752323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7c7328d16398172022-02-14 08:46:55.437root 11241100x80000000000000001752324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d31b8e10290b632022-02-14 08:46:55.437root 11241100x80000000000000001752325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a599dfdf6b2c702022-02-14 08:46:55.437root 11241100x80000000000000001752326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9dfe10c52c5c6e2022-02-14 08:46:55.437root 11241100x80000000000000001752327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaa1c3f05142b282022-02-14 08:46:55.437root 11241100x80000000000000001752328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cd9e459ca442052022-02-14 08:46:55.437root 11241100x80000000000000001752329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1069bc53cc5df0782022-02-14 08:46:55.437root 11241100x80000000000000001752330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.437{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad62fc54bf47ce92022-02-14 08:46:55.437root 11241100x80000000000000001752331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bd20774897b7df2022-02-14 08:46:55.438root 11241100x80000000000000001752332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.438{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4d8377772599992022-02-14 08:46:55.438root 11241100x80000000000000001752333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1c8f07a1faec782022-02-14 08:46:55.930root 11241100x80000000000000001752334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc882f1ddb606d7a2022-02-14 08:46:55.930root 11241100x80000000000000001752335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97943a7413d27d562022-02-14 08:46:55.930root 11241100x80000000000000001752336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddfce73eb413fd42022-02-14 08:46:55.930root 11241100x80000000000000001752337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14903b65ece53f082022-02-14 08:46:55.930root 11241100x80000000000000001752338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2763b8f602a526b52022-02-14 08:46:55.930root 11241100x80000000000000001752339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c48b58729b86042022-02-14 08:46:55.931root 11241100x80000000000000001752340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07350d91a6cbf462022-02-14 08:46:55.931root 11241100x80000000000000001752341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3478e19602a891bf2022-02-14 08:46:55.931root 11241100x80000000000000001752342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307a0c3f222680282022-02-14 08:46:55.931root 11241100x80000000000000001752343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9e271b2cfc8c1f2022-02-14 08:46:55.931root 11241100x80000000000000001752344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b478a6add516fcdd2022-02-14 08:46:55.931root 11241100x80000000000000001752345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6f8375edad87892022-02-14 08:46:55.931root 11241100x80000000000000001752346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264f2520621037332022-02-14 08:46:55.931root 11241100x80000000000000001752347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfeb49e04b7329912022-02-14 08:46:55.931root 11241100x80000000000000001752348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c15f5b7be790672022-02-14 08:46:55.932root 11241100x80000000000000001752349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca363ae4e5a623c2022-02-14 08:46:55.932root 11241100x80000000000000001752350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb4f72971ae517c2022-02-14 08:46:55.932root 11241100x80000000000000001752351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f599e08587f97c592022-02-14 08:46:55.932root 11241100x80000000000000001752352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659d7375353d749c2022-02-14 08:46:55.932root 11241100x80000000000000001752353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfab33292c92a2a2022-02-14 08:46:55.932root 11241100x80000000000000001752354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf1614dc32b87b62022-02-14 08:46:55.932root 11241100x80000000000000001752355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95119ba4fe1fcca12022-02-14 08:46:55.932root 11241100x80000000000000001752356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7edddfdc1273f42022-02-14 08:46:55.932root 11241100x80000000000000001752357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6866459a049913572022-02-14 08:46:55.933root 11241100x80000000000000001752358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b2e6ea0936327e2022-02-14 08:46:55.933root 11241100x80000000000000001752359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331c0b9aa22fc6ed2022-02-14 08:46:55.933root 11241100x80000000000000001752360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f77ec0b7ffe1f632022-02-14 08:46:55.933root 11241100x80000000000000001752361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ddacc797b692e22022-02-14 08:46:55.934root 11241100x80000000000000001752362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd05253045829fb2022-02-14 08:46:55.934root 11241100x80000000000000001752363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96603803492fbcc42022-02-14 08:46:55.934root 11241100x80000000000000001752364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3dc786ca0b418092022-02-14 08:46:55.934root 11241100x80000000000000001752365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a279e830647889c42022-02-14 08:46:55.935root 11241100x80000000000000001752366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da2b8f57b16f4702022-02-14 08:46:55.935root 11241100x80000000000000001752367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f7dfef052cb7f82022-02-14 08:46:55.935root 11241100x80000000000000001752368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0db51cb13f95d2e2022-02-14 08:46:55.935root 11241100x80000000000000001752369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.935{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2612cfffb12ec62022-02-14 08:46:55.935root 11241100x80000000000000001752370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b87a317e6fda202022-02-14 08:46:55.936root 11241100x80000000000000001752371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e96e1aea4c80052022-02-14 08:46:55.936root 11241100x80000000000000001752372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eed6ba908828c272022-02-14 08:46:55.936root 11241100x80000000000000001752373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca72d4aa19a0ac492022-02-14 08:46:55.936root 11241100x80000000000000001752374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ec53f00d3ef1172022-02-14 08:46:55.936root 11241100x80000000000000001752375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8973fdbdd36de80c2022-02-14 08:46:55.936root 11241100x80000000000000001752376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9126e0a7f12e83ef2022-02-14 08:46:55.936root 11241100x80000000000000001752377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23b44649c6241b02022-02-14 08:46:55.936root 11241100x80000000000000001752378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd77db5490b936e92022-02-14 08:46:55.936root 11241100x80000000000000001752379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2935e5e56b640552022-02-14 08:46:55.936root 11241100x80000000000000001752380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0620282cdbefad032022-02-14 08:46:55.936root 11241100x80000000000000001752381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.936{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994a71348cbe608a2022-02-14 08:46:55.936root 11241100x80000000000000001752382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfedbb0125b81fe2022-02-14 08:46:55.937root 11241100x80000000000000001752383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dfc107c0d940a82022-02-14 08:46:55.937root 11241100x80000000000000001752384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901e1838478ba86f2022-02-14 08:46:55.937root 11241100x80000000000000001752385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0daa03c8985917ff2022-02-14 08:46:55.937root 11241100x80000000000000001752386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79e0228f11eecf62022-02-14 08:46:55.937root 11241100x80000000000000001752387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c0d2c5e57582ed2022-02-14 08:46:55.937root 11241100x80000000000000001752388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ee4936f5c7d7772022-02-14 08:46:55.937root 11241100x80000000000000001752389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b01a7e035b7c032022-02-14 08:46:55.937root 11241100x80000000000000001752390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3715fc7c261d9c2022-02-14 08:46:55.937root 11241100x80000000000000001752391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:55.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bb0d5eebd88b7c2022-02-14 08:46:55.938root 11241100x80000000000000001752392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0857c3374b80e1b2022-02-14 08:46:56.430root 11241100x80000000000000001752393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07311d50212295192022-02-14 08:46:56.431root 11241100x80000000000000001752394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91da68a5cff8bf332022-02-14 08:46:56.431root 11241100x80000000000000001752395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4589975902360052022-02-14 08:46:56.431root 11241100x80000000000000001752396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5f2265f77713a52022-02-14 08:46:56.431root 11241100x80000000000000001752397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8267df90a01d19992022-02-14 08:46:56.431root 11241100x80000000000000001752398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb0a76c8064acc52022-02-14 08:46:56.431root 11241100x80000000000000001752399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae789c5a457c99592022-02-14 08:46:56.431root 11241100x80000000000000001752400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc318fde79811f282022-02-14 08:46:56.431root 11241100x80000000000000001752401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ccdf07d76836c02022-02-14 08:46:56.431root 11241100x80000000000000001752402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae59fb25c64d7442022-02-14 08:46:56.431root 11241100x80000000000000001752403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387e53483a892d482022-02-14 08:46:56.431root 11241100x80000000000000001752404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1699be291413e56e2022-02-14 08:46:56.432root 11241100x80000000000000001752405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b38d17c8a26a04b2022-02-14 08:46:56.432root 11241100x80000000000000001752406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02eb2ea4530655d92022-02-14 08:46:56.432root 11241100x80000000000000001752407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7692590d6941d32022-02-14 08:46:56.432root 11241100x80000000000000001752408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e23e65715a685f92022-02-14 08:46:56.432root 11241100x80000000000000001752409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08002b87a184e01f2022-02-14 08:46:56.432root 11241100x80000000000000001752410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19e7e912275fc752022-02-14 08:46:56.432root 11241100x80000000000000001752411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15116c8475a591e42022-02-14 08:46:56.432root 11241100x80000000000000001752412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965a8d5c6d9620332022-02-14 08:46:56.432root 11241100x80000000000000001752413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3345feacd48256f2022-02-14 08:46:56.433root 11241100x80000000000000001752414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2aecd1d073840012022-02-14 08:46:56.433root 11241100x80000000000000001752415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba0f788ae96cd712022-02-14 08:46:56.433root 11241100x80000000000000001752416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776b70a6f84ac3832022-02-14 08:46:56.433root 11241100x80000000000000001752417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bd90cfb2aa3ea32022-02-14 08:46:56.433root 11241100x80000000000000001752418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6a2c03aa5557472022-02-14 08:46:56.433root 11241100x80000000000000001752419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4d7d527d7d19f42022-02-14 08:46:56.433root 11241100x80000000000000001752420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46937ba70dbf90762022-02-14 08:46:56.433root 11241100x80000000000000001752421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6270954537f251a2022-02-14 08:46:56.433root 11241100x80000000000000001752422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68a336c380568202022-02-14 08:46:56.434root 11241100x80000000000000001752423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d758424eab4f252022-02-14 08:46:56.434root 11241100x80000000000000001752424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf4ecf2f40e70902022-02-14 08:46:56.434root 11241100x80000000000000001752425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506b18d2ff540f1c2022-02-14 08:46:56.434root 11241100x80000000000000001752426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b52f34e5cd0e9f2022-02-14 08:46:56.434root 11241100x80000000000000001752427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad37d318408b60b12022-02-14 08:46:56.434root 11241100x80000000000000001752428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617bc3ff864c103a2022-02-14 08:46:56.434root 11241100x80000000000000001752429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d58a60b48669c4d2022-02-14 08:46:56.434root 11241100x80000000000000001752430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cc467d60de82ec2022-02-14 08:46:56.434root 11241100x80000000000000001752431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade17842c6373ef52022-02-14 08:46:56.434root 11241100x80000000000000001752432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988979a50ebeb33e2022-02-14 08:46:56.435root 11241100x80000000000000001752433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1a493921895fbd2022-02-14 08:46:56.435root 11241100x80000000000000001752434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99610e0aa1ec8ae82022-02-14 08:46:56.435root 11241100x80000000000000001752435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed492feb10c9ab8c2022-02-14 08:46:56.435root 11241100x80000000000000001752436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ff5a996be4c5a82022-02-14 08:46:56.435root 11241100x80000000000000001752437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf08da93b3223a6c2022-02-14 08:46:56.435root 11241100x80000000000000001752438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bc5d46e681eb792022-02-14 08:46:56.435root 11241100x80000000000000001752439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529ac4fa7c0854892022-02-14 08:46:56.435root 11241100x80000000000000001752440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.435{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a728cd57903f9e2022-02-14 08:46:56.435root 11241100x80000000000000001752441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.436{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911c8841b8a4a3f72022-02-14 08:46:56.436root 11241100x80000000000000001752442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e7a365e4fac34f2022-02-14 08:46:56.930root 11241100x80000000000000001752443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cfb9847a77db382022-02-14 08:46:56.930root 11241100x80000000000000001752444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0509511c0b5937a2022-02-14 08:46:56.931root 11241100x80000000000000001752445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f4f17b75ccc9432022-02-14 08:46:56.931root 11241100x80000000000000001752446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186e3ab8af5140922022-02-14 08:46:56.931root 11241100x80000000000000001752447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcd80c57c7cf3082022-02-14 08:46:56.931root 11241100x80000000000000001752448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce92b28a2a0f0ce2022-02-14 08:46:56.931root 11241100x80000000000000001752449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8141067dda676e2022-02-14 08:46:56.931root 11241100x80000000000000001752450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a955a603d6d1de2022-02-14 08:46:56.932root 11241100x80000000000000001752451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39308f116a380d182022-02-14 08:46:56.932root 11241100x80000000000000001752452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ebd3d369e6fad12022-02-14 08:46:56.932root 11241100x80000000000000001752453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c25e4e5b740a522022-02-14 08:46:56.932root 11241100x80000000000000001752454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83dfa5acf54229982022-02-14 08:46:56.932root 11241100x80000000000000001752455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d39a553f099bcf2022-02-14 08:46:56.932root 11241100x80000000000000001752456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd359437f9ea2e7a2022-02-14 08:46:56.932root 11241100x80000000000000001752457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2b4c27e4d9ec0d2022-02-14 08:46:56.932root 11241100x80000000000000001752458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e35b82688c09a232022-02-14 08:46:56.932root 11241100x80000000000000001752459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962f294755fed8a82022-02-14 08:46:56.933root 11241100x80000000000000001752460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7272e22d1a0709e2022-02-14 08:46:56.933root 11241100x80000000000000001752461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8afb442f3c2a2622022-02-14 08:46:56.933root 11241100x80000000000000001752462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4dd9513c55ec332022-02-14 08:46:56.933root 11241100x80000000000000001752463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c86b755c669f6382022-02-14 08:46:56.933root 11241100x80000000000000001752464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4b85ee21789cb12022-02-14 08:46:56.933root 11241100x80000000000000001752465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5e9742efec1e442022-02-14 08:46:56.933root 11241100x80000000000000001752466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef2fb5d0a734f082022-02-14 08:46:56.933root 11241100x80000000000000001752467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.933{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acc80179bc882dc2022-02-14 08:46:56.933root 11241100x80000000000000001752468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.934{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af2291cf60f68742022-02-14 08:46:56.934root 11241100x80000000000000001752469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4c07917eb88dd82022-02-14 08:46:56.937root 11241100x80000000000000001752470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d93351e023cdd32022-02-14 08:46:56.937root 11241100x80000000000000001752471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487555bed8df41602022-02-14 08:46:56.937root 11241100x80000000000000001752472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9feda8b9a0f3d5652022-02-14 08:46:56.937root 11241100x80000000000000001752473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffadfca11fdb003e2022-02-14 08:46:56.937root 11241100x80000000000000001752474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba3a43445fc48972022-02-14 08:46:56.937root 11241100x80000000000000001752475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.937{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8784034acace6c2022-02-14 08:46:56.937root 11241100x80000000000000001752476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.938{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c79701ba5ad575e2022-02-14 08:46:56.938root 11241100x80000000000000001752477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f303fbfc29b8bed92022-02-14 08:46:56.941root 11241100x80000000000000001752478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.941{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb45bef9ebd35742022-02-14 08:46:56.941root 11241100x80000000000000001752479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.942{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a3da42dab5baa92022-02-14 08:46:56.942root 11241100x80000000000000001752480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.942{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607290c23094ab452022-02-14 08:46:56.942root 11241100x80000000000000001752481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.943{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a9f5f671716a4e2022-02-14 08:46:56.943root 11241100x80000000000000001752482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.943{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8505d79dc0c76bf2022-02-14 08:46:56.943root 11241100x80000000000000001752483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.943{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a7a0177423c9642022-02-14 08:46:56.943root 11241100x80000000000000001752484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.944{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adf36fdcd50ee242022-02-14 08:46:56.944root 11241100x80000000000000001752485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.944{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2811688e6faf79112022-02-14 08:46:56.944root 11241100x80000000000000001752486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.944{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51cb2710c66616112022-02-14 08:46:56.944root 11241100x80000000000000001752487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.944{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7c4245beb97ef12022-02-14 08:46:56.944root 11241100x80000000000000001752488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.945{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98985d680f9b62a2022-02-14 08:46:56.945root 11241100x80000000000000001752489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.945{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c486e585c3cf50b52022-02-14 08:46:56.945root 11241100x80000000000000001752490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.945{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31868b0a3b5915e2022-02-14 08:46:56.945root 11241100x80000000000000001752491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:56.945{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c3dcdafab10f342022-02-14 08:46:56.945root 354300x80000000000000001752492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.186{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51548-false10.0.1.12-8000- 11241100x80000000000000001752493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6275fd4dc59f35972022-02-14 08:46:57.187root 11241100x80000000000000001752494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15290d0010fcaec2022-02-14 08:46:57.187root 11241100x80000000000000001752495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b09f5de69a81c772022-02-14 08:46:57.187root 11241100x80000000000000001752496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cae5e6e86a24462022-02-14 08:46:57.187root 11241100x80000000000000001752497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e6cf14437a757b2022-02-14 08:46:57.188root 11241100x80000000000000001752498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9553569157c3bf322022-02-14 08:46:57.188root 11241100x80000000000000001752499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d04009618ac9f3a2022-02-14 08:46:57.188root 11241100x80000000000000001752500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a214751acc17a7ab2022-02-14 08:46:57.188root 11241100x80000000000000001752501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d002062aade772c12022-02-14 08:46:57.188root 11241100x80000000000000001752502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f29f1516e2e0c402022-02-14 08:46:57.188root 11241100x80000000000000001752503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e38d36e232a425b2022-02-14 08:46:57.188root 11241100x80000000000000001752504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6497595f9a9028fc2022-02-14 08:46:57.188root 11241100x80000000000000001752505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb813b97e2626b42022-02-14 08:46:57.188root 11241100x80000000000000001752506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179f4f42ff508eda2022-02-14 08:46:57.189root 11241100x80000000000000001752507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73eeeced0c3b29ee2022-02-14 08:46:57.189root 11241100x80000000000000001752508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9fcda0c572b6252022-02-14 08:46:57.189root 11241100x80000000000000001752509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635854c2b89269202022-02-14 08:46:57.189root 11241100x80000000000000001752510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131061299cf589e42022-02-14 08:46:57.189root 11241100x80000000000000001752511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714963b1ab6e6db52022-02-14 08:46:57.189root 11241100x80000000000000001752512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8019c58dddf769c2022-02-14 08:46:57.189root 11241100x80000000000000001752513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f49e3020706f112022-02-14 08:46:57.189root 11241100x80000000000000001752514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e61819beb2d29162022-02-14 08:46:57.189root 11241100x80000000000000001752515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40a6242dcca12302022-02-14 08:46:57.189root 11241100x80000000000000001752516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff3d21e8a9c8ec22022-02-14 08:46:57.189root 11241100x80000000000000001752517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faed57f7149d30422022-02-14 08:46:57.189root 11241100x80000000000000001752518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794e757191240d122022-02-14 08:46:57.189root 11241100x80000000000000001752519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f73f8631b996122022-02-14 08:46:57.189root 11241100x80000000000000001752520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac9c094d54c7cd32022-02-14 08:46:57.189root 11241100x80000000000000001752521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df4c5df035085a82022-02-14 08:46:57.189root 11241100x80000000000000001752522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a7582ab531a3632022-02-14 08:46:57.190root 11241100x80000000000000001752523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430e5f26e814e3342022-02-14 08:46:57.190root 11241100x80000000000000001752524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1367360ee1b1d62022-02-14 08:46:57.190root 11241100x80000000000000001752525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3abcdc38c81adad2022-02-14 08:46:57.190root 11241100x80000000000000001752526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defcd173156922372022-02-14 08:46:57.190root 11241100x80000000000000001752527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02471e284ef140022022-02-14 08:46:57.190root 11241100x80000000000000001752528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e68c6859ef81e22022-02-14 08:46:57.190root 11241100x80000000000000001752529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f45ee1d6de7e152022-02-14 08:46:57.190root 11241100x80000000000000001752530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0ea452ab7f9f9a2022-02-14 08:46:57.190root 11241100x80000000000000001752531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125814af932f29802022-02-14 08:46:57.190root 11241100x80000000000000001752532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f654ec91abf6252022-02-14 08:46:57.190root 11241100x80000000000000001752533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232c89bb5e2aa14c2022-02-14 08:46:57.190root 11241100x80000000000000001752534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f677fc5deda066de2022-02-14 08:46:57.190root 11241100x80000000000000001752535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dbbf3e3681df2c2022-02-14 08:46:57.190root 11241100x80000000000000001752536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e718ad8dfa4bd812022-02-14 08:46:57.190root 11241100x80000000000000001752537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764493c0637f5b442022-02-14 08:46:57.191root 11241100x80000000000000001752538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccaadd08330d4132022-02-14 08:46:57.191root 11241100x80000000000000001752539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be52a9164c614e02022-02-14 08:46:57.191root 11241100x80000000000000001752540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af18b4fb88553e0e2022-02-14 08:46:57.191root 11241100x80000000000000001752541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524458b5225d16312022-02-14 08:46:57.191root 11241100x80000000000000001752542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f02effafe555f6b2022-02-14 08:46:57.191root 11241100x80000000000000001752543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6db6c0c650df442022-02-14 08:46:57.191root 11241100x80000000000000001752544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47946a96769fe8492022-02-14 08:46:57.191root 11241100x80000000000000001752545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a38408b98c69ead2022-02-14 08:46:57.191root 11241100x80000000000000001752546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70947af05cf364ec2022-02-14 08:46:57.193root 11241100x80000000000000001752547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05fc6bf40855d912022-02-14 08:46:57.193root 11241100x80000000000000001752548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4938d18e15d1422022-02-14 08:46:57.193root 11241100x80000000000000001752549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eda3f54edc14a1a2022-02-14 08:46:57.193root 11241100x80000000000000001752550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c65ac20751c23422022-02-14 08:46:57.193root 11241100x80000000000000001752551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b84eefadc3ec0b2022-02-14 08:46:57.193root 11241100x80000000000000001752552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f5b267238bfd162022-02-14 08:46:57.193root 11241100x80000000000000001752553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77238e4f7763e1fb2022-02-14 08:46:57.680root 11241100x80000000000000001752554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2e107cfea274dc2022-02-14 08:46:57.680root 11241100x80000000000000001752555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0a1cc6dc0edf022022-02-14 08:46:57.680root 11241100x80000000000000001752556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecfc33e9b26d0952022-02-14 08:46:57.681root 11241100x80000000000000001752557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f3c94932487fef2022-02-14 08:46:57.681root 11241100x80000000000000001752558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc20056ac4d248c2022-02-14 08:46:57.681root 11241100x80000000000000001752559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aab1554ce4ee4822022-02-14 08:46:57.681root 11241100x80000000000000001752560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734885904e8d9fbe2022-02-14 08:46:57.682root 11241100x80000000000000001752561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a26f5b4c1a7a432022-02-14 08:46:57.682root 11241100x80000000000000001752562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ff6ad8ff57496e2022-02-14 08:46:57.682root 11241100x80000000000000001752563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6da56d7509614282022-02-14 08:46:57.682root 11241100x80000000000000001752564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33d580f2fcf53152022-02-14 08:46:57.682root 11241100x80000000000000001752565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7376dcfabd651ef72022-02-14 08:46:57.682root 11241100x80000000000000001752566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2315340ff1cd052022-02-14 08:46:57.682root 11241100x80000000000000001752567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09195abf32918aca2022-02-14 08:46:57.682root 11241100x80000000000000001752568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e9c15e357d5bd72022-02-14 08:46:57.683root 11241100x80000000000000001752569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a922bff59bc43de2022-02-14 08:46:57.683root 11241100x80000000000000001752570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0e45770604dc962022-02-14 08:46:57.683root 11241100x80000000000000001752571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4950f11c9c0246292022-02-14 08:46:57.684root 11241100x80000000000000001752572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9432531c80d10c962022-02-14 08:46:57.684root 11241100x80000000000000001752573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d67b77ad1daf392022-02-14 08:46:57.684root 11241100x80000000000000001752574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ee0be8f8ca5c7d2022-02-14 08:46:57.684root 11241100x80000000000000001752575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3280852ccc76082022-02-14 08:46:57.684root 11241100x80000000000000001752576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7d16838a45a6c12022-02-14 08:46:57.685root 11241100x80000000000000001752577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f1165f8205ca202022-02-14 08:46:57.685root 11241100x80000000000000001752578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91e84c13bd5db0f2022-02-14 08:46:57.685root 11241100x80000000000000001752579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390006cdec4cd9ff2022-02-14 08:46:57.685root 11241100x80000000000000001752580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f42e569a815b2a2022-02-14 08:46:57.685root 11241100x80000000000000001752581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bed78c6dcf159a12022-02-14 08:46:57.686root 11241100x80000000000000001752582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adcb00b7107f66e2022-02-14 08:46:57.686root 11241100x80000000000000001752583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8683c128679ee32022-02-14 08:46:57.686root 11241100x80000000000000001752584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269a6c7b479813512022-02-14 08:46:57.686root 11241100x80000000000000001752585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32051dcbc01f05a22022-02-14 08:46:57.686root 11241100x80000000000000001752586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ea7f8eed29630c2022-02-14 08:46:57.686root 11241100x80000000000000001752587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92a62cd6356dd6a2022-02-14 08:46:57.687root 11241100x80000000000000001752588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca78b208743749b62022-02-14 08:46:57.687root 11241100x80000000000000001752589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492bf1d1e444adbc2022-02-14 08:46:57.687root 11241100x80000000000000001752590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a132aad6c04b132022-02-14 08:46:57.687root 11241100x80000000000000001752591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1097d8b8f984ef342022-02-14 08:46:57.687root 11241100x80000000000000001752592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c4afa23662dbed2022-02-14 08:46:57.687root 11241100x80000000000000001752593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f372f4e4db0e5e562022-02-14 08:46:57.687root 11241100x80000000000000001752594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d6e5b5ec8c0e8f2022-02-14 08:46:57.687root 11241100x80000000000000001752595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf8ab4f65fcf3c82022-02-14 08:46:57.688root 11241100x80000000000000001752596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d0259b2841d81c2022-02-14 08:46:57.688root 11241100x80000000000000001752597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f8d519c428ea212022-02-14 08:46:57.688root 11241100x80000000000000001752598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce0b79f92ccc2a52022-02-14 08:46:57.688root 11241100x80000000000000001752599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4f7a33c5bd67482022-02-14 08:46:57.688root 11241100x80000000000000001752600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe8caee21c808812022-02-14 08:46:57.688root 11241100x80000000000000001752601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcab457329de0d92022-02-14 08:46:57.688root 11241100x80000000000000001752602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1961a99768c6022022-02-14 08:46:57.688root 11241100x80000000000000001752603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e6451ae5133a042022-02-14 08:46:57.688root 11241100x80000000000000001752604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71655834dcdbb902022-02-14 08:46:57.689root 11241100x80000000000000001752605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:57.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea773be1147d48e62022-02-14 08:46:57.689root 11241100x80000000000000001752606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e58394cba98cca62022-02-14 08:46:58.180root 11241100x80000000000000001752607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942616e7a9c4e4102022-02-14 08:46:58.180root 11241100x80000000000000001752608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0ceabc971496be2022-02-14 08:46:58.180root 11241100x80000000000000001752609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65011f507476da9e2022-02-14 08:46:58.181root 11241100x80000000000000001752610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db7a53dbfc4da8b2022-02-14 08:46:58.181root 11241100x80000000000000001752611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b686d4aa5079c22022-02-14 08:46:58.181root 11241100x80000000000000001752612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b85af8f7256cdd52022-02-14 08:46:58.182root 11241100x80000000000000001752613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41ba7fd7f7a12202022-02-14 08:46:58.182root 11241100x80000000000000001752614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd39819d91af8bab2022-02-14 08:46:58.182root 11241100x80000000000000001752615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7c0861b7f53cde2022-02-14 08:46:58.182root 11241100x80000000000000001752616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9e85abe07992892022-02-14 08:46:58.182root 11241100x80000000000000001752617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23853a66eeb35b212022-02-14 08:46:58.182root 11241100x80000000000000001752618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704a895eeaa53db72022-02-14 08:46:58.182root 11241100x80000000000000001752619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd4dad385db3f0b2022-02-14 08:46:58.183root 11241100x80000000000000001752620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f13aa8af87e7f42022-02-14 08:46:58.183root 11241100x80000000000000001752621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ed012d90df40612022-02-14 08:46:58.183root 11241100x80000000000000001752622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3aa9b64133b80e22022-02-14 08:46:58.183root 11241100x80000000000000001752623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03b55a6d3684afd2022-02-14 08:46:58.183root 11241100x80000000000000001752624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30041b4569de7d692022-02-14 08:46:58.183root 11241100x80000000000000001752625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef443903109d1b22022-02-14 08:46:58.183root 11241100x80000000000000001752626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b139b54f1f38c262022-02-14 08:46:58.183root 11241100x80000000000000001752627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f304c557afd5f1392022-02-14 08:46:58.184root 11241100x80000000000000001752628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a122b20926fe44b2022-02-14 08:46:58.185root 11241100x80000000000000001752629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513d79c9b9c0e8e12022-02-14 08:46:58.185root 11241100x80000000000000001752630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb57c1ff5ec0fb72022-02-14 08:46:58.185root 11241100x80000000000000001752631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af2e7d0fec2e3382022-02-14 08:46:58.185root 11241100x80000000000000001752632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506cdd979ca955092022-02-14 08:46:58.186root 11241100x80000000000000001752633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47243bf26b9b38622022-02-14 08:46:58.186root 11241100x80000000000000001752634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186d7a84c64167de2022-02-14 08:46:58.186root 11241100x80000000000000001752635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e5b06036bbf8322022-02-14 08:46:58.186root 11241100x80000000000000001752636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d4b0f97c4d5b6d2022-02-14 08:46:58.186root 11241100x80000000000000001752637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d113aac817962f942022-02-14 08:46:58.186root 11241100x80000000000000001752638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0411e75c8bb7cf12022-02-14 08:46:58.186root 11241100x80000000000000001752639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7fad1e536054ce2022-02-14 08:46:58.186root 11241100x80000000000000001752640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77bc6fae8ddfbd32022-02-14 08:46:58.186root 11241100x80000000000000001752641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2899593c9917c042022-02-14 08:46:58.187root 11241100x80000000000000001752642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b77186e78d2d2b2022-02-14 08:46:58.187root 11241100x80000000000000001752643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cfa93edaec4be02022-02-14 08:46:58.187root 11241100x80000000000000001752644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f47e44aaa4aeeee2022-02-14 08:46:58.187root 11241100x80000000000000001752645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c91348cf7dce2a2022-02-14 08:46:58.187root 11241100x80000000000000001752646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83940ac29b31b17e2022-02-14 08:46:58.187root 11241100x80000000000000001752647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591ae463599c87982022-02-14 08:46:58.187root 11241100x80000000000000001752648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a28335ff95767c2022-02-14 08:46:58.187root 11241100x80000000000000001752649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214e97bed1b94b8e2022-02-14 08:46:58.187root 11241100x80000000000000001752650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844b7de4ce85bf882022-02-14 08:46:58.187root 11241100x80000000000000001752651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5286872b535f05b2022-02-14 08:46:58.187root 11241100x80000000000000001752652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f57ef203c34cfbe2022-02-14 08:46:58.187root 11241100x80000000000000001752653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0d418a6c46ecba2022-02-14 08:46:58.187root 11241100x80000000000000001752654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53850dcc4c5608882022-02-14 08:46:58.187root 11241100x80000000000000001752655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e617f778e32bc92022-02-14 08:46:58.188root 11241100x80000000000000001752656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46acac78a37f9ec2022-02-14 08:46:58.188root 11241100x80000000000000001752657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54959abe5e8155702022-02-14 08:46:58.188root 11241100x80000000000000001752658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5245b64bfd86e76e2022-02-14 08:46:58.681root 11241100x80000000000000001752659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57f899e8518c1df2022-02-14 08:46:58.681root 11241100x80000000000000001752660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7965b064ea0e882022-02-14 08:46:58.681root 11241100x80000000000000001752661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138d47324c41686a2022-02-14 08:46:58.681root 11241100x80000000000000001752662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f827bee16c43aa82022-02-14 08:46:58.681root 11241100x80000000000000001752663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014538021c310b6b2022-02-14 08:46:58.681root 11241100x80000000000000001752664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc08eebc33443582022-02-14 08:46:58.681root 11241100x80000000000000001752665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f673a956ded306dd2022-02-14 08:46:58.681root 11241100x80000000000000001752666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ceff81f6ae051f52022-02-14 08:46:58.681root 11241100x80000000000000001752667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d25ae505355bf02022-02-14 08:46:58.682root 11241100x80000000000000001752668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4295d9e146c6bec2022-02-14 08:46:58.682root 11241100x80000000000000001752669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0235a375ec246ae2022-02-14 08:46:58.682root 11241100x80000000000000001752670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3298ad6c0e0ea122022-02-14 08:46:58.682root 11241100x80000000000000001752671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7777a63d55c22ed02022-02-14 08:46:58.682root 11241100x80000000000000001752672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e9d7092e1920492022-02-14 08:46:58.682root 11241100x80000000000000001752673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44ce91d00cbbf0e2022-02-14 08:46:58.682root 11241100x80000000000000001752674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d69b68de57e61542022-02-14 08:46:58.682root 11241100x80000000000000001752675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483da9b1a34573f32022-02-14 08:46:58.682root 11241100x80000000000000001752676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80de8794475effc2022-02-14 08:46:58.682root 11241100x80000000000000001752677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ef333b5f16b8182022-02-14 08:46:58.682root 11241100x80000000000000001752678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7557c9108ca842b12022-02-14 08:46:58.683root 11241100x80000000000000001752679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242d597ad91833912022-02-14 08:46:58.683root 11241100x80000000000000001752680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e819f4bb5acb052e2022-02-14 08:46:58.683root 11241100x80000000000000001752681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334822b13ad2ced42022-02-14 08:46:58.683root 11241100x80000000000000001752682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853c7b1a04fcb5912022-02-14 08:46:58.683root 11241100x80000000000000001752683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db292f654deda6f12022-02-14 08:46:58.683root 11241100x80000000000000001752684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1141e8128b0225c72022-02-14 08:46:58.683root 11241100x80000000000000001752685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967314b2f6e9e9b02022-02-14 08:46:58.683root 11241100x80000000000000001752686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d3059a1450eec52022-02-14 08:46:58.689root 11241100x80000000000000001752687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c834d38f4f23868f2022-02-14 08:46:58.690root 11241100x80000000000000001752688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa86991d7c1265142022-02-14 08:46:58.690root 11241100x80000000000000001752689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef544dc7ea5a37bf2022-02-14 08:46:58.690root 11241100x80000000000000001752690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960f1add6e8081562022-02-14 08:46:58.690root 11241100x80000000000000001752691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8a4e3661a4be342022-02-14 08:46:58.690root 11241100x80000000000000001752692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49660041bd14cc32022-02-14 08:46:58.690root 11241100x80000000000000001752693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece0706cd2ed9acc2022-02-14 08:46:58.690root 11241100x80000000000000001752694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23cf653b16bd06c2022-02-14 08:46:58.690root 11241100x80000000000000001752695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3a8aaf006c6f842022-02-14 08:46:58.690root 11241100x80000000000000001752696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c666a5e1560f7112022-02-14 08:46:58.690root 11241100x80000000000000001752697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760a730760f589872022-02-14 08:46:58.691root 11241100x80000000000000001752698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8e794a108d52e22022-02-14 08:46:58.691root 11241100x80000000000000001752699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6a13f08d39980f2022-02-14 08:46:58.691root 11241100x80000000000000001752700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233553846cace5cd2022-02-14 08:46:58.691root 11241100x80000000000000001752701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bd16170af13bcd2022-02-14 08:46:58.691root 11241100x80000000000000001752702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984874fab795c0b52022-02-14 08:46:58.691root 11241100x80000000000000001752703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fc007aa5ba66782022-02-14 08:46:58.691root 11241100x80000000000000001752704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a73edec6cc15032022-02-14 08:46:58.691root 11241100x80000000000000001752705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c0f4eb210f5f762022-02-14 08:46:58.691root 11241100x80000000000000001752706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c08e6b666a1e542022-02-14 08:46:58.691root 11241100x80000000000000001752707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a53c1aed2fbbfb22022-02-14 08:46:58.691root 11241100x80000000000000001752708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef64764d06e66d492022-02-14 08:46:58.692root 11241100x80000000000000001752709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673734117d2085802022-02-14 08:46:58.692root 11241100x80000000000000001752710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c443e04de424154c2022-02-14 08:46:58.692root 11241100x80000000000000001752711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e923980080f568d42022-02-14 08:46:58.692root 11241100x80000000000000001752712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50973d0a914a5bd2022-02-14 08:46:58.692root 11241100x80000000000000001752713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0554792fff77ea7b2022-02-14 08:46:58.692root 11241100x80000000000000001752714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6a7b7c5d7a1e422022-02-14 08:46:58.692root 11241100x80000000000000001752715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121aa37b0a4352052022-02-14 08:46:58.692root 11241100x80000000000000001752716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b796e3035bacefa2022-02-14 08:46:58.692root 11241100x80000000000000001752717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2318fbcabd36d1902022-02-14 08:46:58.692root 11241100x80000000000000001752718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c3a50fdb5097202022-02-14 08:46:58.693root 11241100x80000000000000001752719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20109b58050f67222022-02-14 08:46:58.693root 11241100x80000000000000001752720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8cc934477b45e72022-02-14 08:46:58.693root 11241100x80000000000000001752721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1fb2ebc147cd862022-02-14 08:46:58.693root 11241100x80000000000000001752722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdc616e64b10d6e2022-02-14 08:46:58.693root 11241100x80000000000000001752723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8a10ce6761e9c62022-02-14 08:46:58.693root 11241100x80000000000000001752724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66212bac5972158d2022-02-14 08:46:58.693root 11241100x80000000000000001752725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed15c91d105739f32022-02-14 08:46:58.693root 11241100x80000000000000001752726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72e012ad8ffac072022-02-14 08:46:58.693root 11241100x80000000000000001752727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5d03c51f9dd5872022-02-14 08:46:58.694root 11241100x80000000000000001752728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cd1ec3a67962f72022-02-14 08:46:58.694root 11241100x80000000000000001752729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5bf81f926444c92022-02-14 08:46:58.694root 11241100x80000000000000001752730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2390683acb11026c2022-02-14 08:46:58.694root 11241100x80000000000000001752731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d199cfa480f03d872022-02-14 08:46:58.694root 11241100x80000000000000001752732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21cfcf1d10927852022-02-14 08:46:58.694root 11241100x80000000000000001752733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4d9c0182b852732022-02-14 08:46:58.694root 11241100x80000000000000001752734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e7a2b6863d79162022-02-14 08:46:58.694root 11241100x80000000000000001752735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4fc5b123b8a1a72022-02-14 08:46:58.695root 11241100x80000000000000001752736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523111cf9b8a81912022-02-14 08:46:58.695root 11241100x80000000000000001752737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edf37bc75f87d9b2022-02-14 08:46:58.695root 11241100x80000000000000001752738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc01615b956bbbe62022-02-14 08:46:58.695root 11241100x80000000000000001752739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:58.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be6cf474265fa922022-02-14 08:46:58.695root 11241100x80000000000000001752740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f194e5678b482d02022-02-14 08:46:59.180root 11241100x80000000000000001752741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a82e5a14caf75df2022-02-14 08:46:59.181root 11241100x80000000000000001752742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6f2e25a20b2be02022-02-14 08:46:59.181root 11241100x80000000000000001752743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc661f893231fff2022-02-14 08:46:59.181root 11241100x80000000000000001752744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfc3a478af4225a2022-02-14 08:46:59.181root 11241100x80000000000000001752745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3259b4e10cf67ddb2022-02-14 08:46:59.181root 11241100x80000000000000001752746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7908b5236631c0462022-02-14 08:46:59.181root 11241100x80000000000000001752747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e8b8cc34cd16c42022-02-14 08:46:59.181root 11241100x80000000000000001752748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd51aed39d4ef5a2022-02-14 08:46:59.181root 11241100x80000000000000001752749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fdfc26283f18152022-02-14 08:46:59.181root 11241100x80000000000000001752750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfca93cd606808392022-02-14 08:46:59.181root 11241100x80000000000000001752751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a50976465b9a0da2022-02-14 08:46:59.182root 11241100x80000000000000001752752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234478e622eb9b352022-02-14 08:46:59.182root 11241100x80000000000000001752753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98107f7564c8fecb2022-02-14 08:46:59.182root 11241100x80000000000000001752754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c861cfdad180207f2022-02-14 08:46:59.182root 11241100x80000000000000001752755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f737d2546fa1092b2022-02-14 08:46:59.182root 11241100x80000000000000001752756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc11643f3e617dd2022-02-14 08:46:59.182root 11241100x80000000000000001752757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb689ea91630b002022-02-14 08:46:59.182root 11241100x80000000000000001752758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0fe3382a5262222022-02-14 08:46:59.182root 11241100x80000000000000001752759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859eb9c01fc91c562022-02-14 08:46:59.182root 11241100x80000000000000001752760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226733d9d2a0dafc2022-02-14 08:46:59.182root 11241100x80000000000000001752761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5e8a80ae12af3e2022-02-14 08:46:59.182root 11241100x80000000000000001752762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7245dc0363c3672022-02-14 08:46:59.182root 11241100x80000000000000001752763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa941f53ae067ef2022-02-14 08:46:59.182root 11241100x80000000000000001752764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8fbaf73c1f6a1d2022-02-14 08:46:59.182root 11241100x80000000000000001752765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a32e0c2d2b35622022-02-14 08:46:59.182root 11241100x80000000000000001752766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f534fee67d0a0792022-02-14 08:46:59.182root 11241100x80000000000000001752767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3827fb9c8fcdc742022-02-14 08:46:59.183root 11241100x80000000000000001752768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8419972789c96edd2022-02-14 08:46:59.183root 11241100x80000000000000001752769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b1088c1dc6ee642022-02-14 08:46:59.183root 11241100x80000000000000001752770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a545abca24346d2022-02-14 08:46:59.183root 11241100x80000000000000001752771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba4b1d7fa75afa72022-02-14 08:46:59.183root 11241100x80000000000000001752772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4c8e11c4eb32842022-02-14 08:46:59.183root 11241100x80000000000000001752773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395e910622cea7d22022-02-14 08:46:59.183root 11241100x80000000000000001752774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ce4465a7b16f8a2022-02-14 08:46:59.183root 11241100x80000000000000001752775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d01a974580c8a7f2022-02-14 08:46:59.183root 11241100x80000000000000001752776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df092062752724592022-02-14 08:46:59.183root 11241100x80000000000000001752777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de7013adaed209a2022-02-14 08:46:59.183root 11241100x80000000000000001752778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdca0ea23b7faee2022-02-14 08:46:59.183root 11241100x80000000000000001752779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f4594c42e496282022-02-14 08:46:59.183root 11241100x80000000000000001752780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b62956a5bcfc65d2022-02-14 08:46:59.183root 11241100x80000000000000001752781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433bd2150d85f96a2022-02-14 08:46:59.183root 11241100x80000000000000001752782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63591691385b2502022-02-14 08:46:59.184root 11241100x80000000000000001752783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fed278ac94bbf502022-02-14 08:46:59.184root 11241100x80000000000000001752784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6363e4b2c57adf2022-02-14 08:46:59.184root 11241100x80000000000000001752785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f0caffabf7d3442022-02-14 08:46:59.184root 11241100x80000000000000001752786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48879b8ec551d242022-02-14 08:46:59.184root 11241100x80000000000000001752787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad93c21e4422a7f2022-02-14 08:46:59.184root 11241100x80000000000000001752788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4dd290054a909c2022-02-14 08:46:59.184root 11241100x80000000000000001752789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3238f5531fd30dea2022-02-14 08:46:59.184root 11241100x80000000000000001752790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b19b908f9a3c3442022-02-14 08:46:59.184root 11241100x80000000000000001752791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cb446d4c2dbbac2022-02-14 08:46:59.184root 11241100x80000000000000001752792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2675ad235505d7552022-02-14 08:46:59.184root 11241100x80000000000000001752793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333ceeaff6e6735a2022-02-14 08:46:59.184root 11241100x80000000000000001752794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb385c1e6e7957532022-02-14 08:46:59.184root 11241100x80000000000000001752795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4877b382c6a9822022-02-14 08:46:59.184root 11241100x80000000000000001752796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fa0e7f7ec197492022-02-14 08:46:59.184root 11241100x80000000000000001752797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e8a2a426c780b62022-02-14 08:46:59.185root 11241100x80000000000000001752798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec0d05ce14be5542022-02-14 08:46:59.185root 11241100x80000000000000001752799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f4b54e12d9572b2022-02-14 08:46:59.185root 11241100x80000000000000001752800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450e65409c39dbc02022-02-14 08:46:59.185root 11241100x80000000000000001752801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d96c73d2b032ce2022-02-14 08:46:59.185root 11241100x80000000000000001752802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04da0be3c14cae6b2022-02-14 08:46:59.185root 11241100x80000000000000001752803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bb2a4048b23a4d2022-02-14 08:46:59.185root 11241100x80000000000000001752804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9aa354691c36392022-02-14 08:46:59.185root 11241100x80000000000000001752805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6eabaf57213c4b62022-02-14 08:46:59.680root 11241100x80000000000000001752806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44a41ee9f6f81712022-02-14 08:46:59.680root 11241100x80000000000000001752807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b43cfd02f29f432022-02-14 08:46:59.680root 11241100x80000000000000001752808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a959fd1812170cb2022-02-14 08:46:59.680root 11241100x80000000000000001752809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8df04b472fea2062022-02-14 08:46:59.680root 11241100x80000000000000001752810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a23f40a402c70bb2022-02-14 08:46:59.680root 11241100x80000000000000001752811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421387068db1bd802022-02-14 08:46:59.680root 11241100x80000000000000001752812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff387a38d678ba892022-02-14 08:46:59.680root 11241100x80000000000000001752813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cb24f924f9ca612022-02-14 08:46:59.680root 11241100x80000000000000001752814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccd586efb321c652022-02-14 08:46:59.680root 11241100x80000000000000001752815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6470b9108dd0792022-02-14 08:46:59.680root 11241100x80000000000000001752816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47596b2f1b059f4e2022-02-14 08:46:59.681root 11241100x80000000000000001752817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a410c1625c78bc352022-02-14 08:46:59.681root 11241100x80000000000000001752818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd84f26521cb212c2022-02-14 08:46:59.681root 11241100x80000000000000001752819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9281d0070bf2de7d2022-02-14 08:46:59.681root 11241100x80000000000000001752820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5e541f269199ab2022-02-14 08:46:59.681root 11241100x80000000000000001752821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7a85746f4b19432022-02-14 08:46:59.681root 11241100x80000000000000001752822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bdc866328a560b2022-02-14 08:46:59.681root 11241100x80000000000000001752823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5c6defb96299d42022-02-14 08:46:59.681root 11241100x80000000000000001752824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4faf599f81670a2022-02-14 08:46:59.681root 11241100x80000000000000001752825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e4984888ec495c2022-02-14 08:46:59.681root 11241100x80000000000000001752826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea81451443a784c2022-02-14 08:46:59.681root 11241100x80000000000000001752827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9f6c2d58bd8cc12022-02-14 08:46:59.681root 11241100x80000000000000001752828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004760e0ff37e8d92022-02-14 08:46:59.681root 11241100x80000000000000001752829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a79cf98d15ccb62022-02-14 08:46:59.681root 11241100x80000000000000001752830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92060e62ae631972022-02-14 08:46:59.682root 11241100x80000000000000001752831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3078d74dbb6f39dc2022-02-14 08:46:59.682root 11241100x80000000000000001752832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b78435b51eb69d2022-02-14 08:46:59.682root 11241100x80000000000000001752833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c86d984b7fb3092022-02-14 08:46:59.682root 11241100x80000000000000001752834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946fdbe2cac3249b2022-02-14 08:46:59.682root 11241100x80000000000000001752835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191d455f7ba106d02022-02-14 08:46:59.682root 11241100x80000000000000001752836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd52df4bf6ca7552022-02-14 08:46:59.682root 11241100x80000000000000001752837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8574f33df3392e2022-02-14 08:46:59.682root 11241100x80000000000000001752838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de611a9ce363d592022-02-14 08:46:59.682root 11241100x80000000000000001752839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebb0be788ad95ac2022-02-14 08:46:59.682root 11241100x80000000000000001752840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a09f9b182878e5a2022-02-14 08:46:59.683root 11241100x80000000000000001752841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2ef79af7f9a6192022-02-14 08:46:59.683root 11241100x80000000000000001752842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa20966c360e25e2022-02-14 08:46:59.683root 11241100x80000000000000001752843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3406f6c969c5442022-02-14 08:46:59.683root 11241100x80000000000000001752844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecb6f2b688b76b52022-02-14 08:46:59.683root 11241100x80000000000000001752845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a70166347305e4c2022-02-14 08:46:59.683root 11241100x80000000000000001752846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8eb8c37f4c5f9182022-02-14 08:46:59.683root 11241100x80000000000000001752847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2269a1f9d0a7f42022-02-14 08:46:59.683root 11241100x80000000000000001752848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4438fff804bc1a6a2022-02-14 08:46:59.683root 11241100x80000000000000001752849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bdff860841ded42022-02-14 08:46:59.683root 11241100x80000000000000001752850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28f7877aa6edaef2022-02-14 08:46:59.684root 11241100x80000000000000001752851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d517820abbbab482022-02-14 08:46:59.684root 11241100x80000000000000001752852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65088c95b7295e42022-02-14 08:46:59.684root 11241100x80000000000000001752853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c7e5a890ae264c2022-02-14 08:46:59.684root 11241100x80000000000000001752854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9774ea8583fa66dc2022-02-14 08:46:59.684root 11241100x80000000000000001752855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0f37b32d93fa6f2022-02-14 08:46:59.684root 11241100x80000000000000001752856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b72322275f4d1b2022-02-14 08:46:59.684root 11241100x80000000000000001752857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfd65ffd1467c0f2022-02-14 08:46:59.684root 11241100x80000000000000001752858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc9aae748e11b442022-02-14 08:46:59.684root 11241100x80000000000000001752859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c854eabc65e6f7fe2022-02-14 08:46:59.684root 11241100x80000000000000001752860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2aa2b3476bb1c82022-02-14 08:46:59.685root 11241100x80000000000000001752861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0c41dafb9785492022-02-14 08:46:59.685root 11241100x80000000000000001752862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53453adb8b1851002022-02-14 08:46:59.685root 11241100x80000000000000001752863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab88e306980db9d2022-02-14 08:46:59.685root 11241100x80000000000000001752864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79333968849379702022-02-14 08:46:59.685root 11241100x80000000000000001752865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb35c59a314774e2022-02-14 08:46:59.685root 11241100x80000000000000001752866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe55bd4b1e2ceded2022-02-14 08:46:59.685root 11241100x80000000000000001752867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37c900548b319a92022-02-14 08:46:59.685root 11241100x80000000000000001752868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8e416bf21a36ab2022-02-14 08:46:59.685root 11241100x80000000000000001752869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecc92839ef3026e2022-02-14 08:46:59.686root 11241100x80000000000000001752870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307487eae565a7a92022-02-14 08:46:59.686root 11241100x80000000000000001752871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab818a3787de42c52022-02-14 08:46:59.686root 11241100x80000000000000001752872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a99fcba39e3376c2022-02-14 08:46:59.686root 11241100x80000000000000001752873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81505e55768cf45d2022-02-14 08:46:59.686root 11241100x80000000000000001752874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de64eb41f48bc3e62022-02-14 08:46:59.686root 11241100x80000000000000001752875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a6c4b47a09a3212022-02-14 08:46:59.686root 11241100x80000000000000001752876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df4c969f6eab1cc2022-02-14 08:46:59.687root 11241100x80000000000000001752877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acfb199ec7283a02022-02-14 08:46:59.687root 11241100x80000000000000001752878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6076655015221b192022-02-14 08:46:59.687root 11241100x80000000000000001752879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3567ffda257bc20a2022-02-14 08:46:59.687root 11241100x80000000000000001752880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838fb94994cc3d152022-02-14 08:46:59.687root 11241100x80000000000000001752881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d440a58742239e2022-02-14 08:46:59.687root 11241100x80000000000000001752882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223689e98f146c8a2022-02-14 08:46:59.687root 11241100x80000000000000001752883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44aae5b45d4379f22022-02-14 08:46:59.688root 11241100x80000000000000001752884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e480948c3c93b0b82022-02-14 08:46:59.688root 11241100x80000000000000001752885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b422af9646edf4a2022-02-14 08:46:59.688root 11241100x80000000000000001752886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3303c7f4e6c79d6a2022-02-14 08:46:59.688root 11241100x80000000000000001752887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb8a10f872579302022-02-14 08:46:59.688root 11241100x80000000000000001752888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7208d78dba6402862022-02-14 08:46:59.688root 11241100x80000000000000001752889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4459291909c54aa2022-02-14 08:46:59.688root 11241100x80000000000000001752890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59c850e6d19b4d52022-02-14 08:46:59.688root 11241100x80000000000000001752891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db16f6503a440f32022-02-14 08:46:59.689root 11241100x80000000000000001752892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b621dc4b0c9faa2022-02-14 08:46:59.690root 11241100x80000000000000001752893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060d20b742ab235b2022-02-14 08:46:59.690root 11241100x80000000000000001752894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e79f343b3bc1912022-02-14 08:46:59.690root 11241100x80000000000000001752895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6131f0b28a42c42022-02-14 08:46:59.690root 11241100x80000000000000001752896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c314f51af6571812022-02-14 08:46:59.690root 11241100x80000000000000001752897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94260fc6c03d68522022-02-14 08:46:59.690root 11241100x80000000000000001752898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ad777d8aded2a02022-02-14 08:46:59.690root 11241100x80000000000000001752899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dcabe66ed1b76b2022-02-14 08:46:59.690root 11241100x80000000000000001752900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7934cfa34cebabe2022-02-14 08:46:59.690root 11241100x80000000000000001752901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a76d81ce5d4f2f2022-02-14 08:46:59.690root 11241100x80000000000000001752902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e225baec7e84ee2022-02-14 08:46:59.690root 11241100x80000000000000001752903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae329131470b2842022-02-14 08:46:59.690root 11241100x80000000000000001752904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce90b46a2f9a2422022-02-14 08:46:59.690root 11241100x80000000000000001752905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1de18dc3c274e142022-02-14 08:46:59.691root 11241100x80000000000000001752906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82720b51c7cb15f52022-02-14 08:46:59.691root 11241100x80000000000000001752907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa606791731ee9fa2022-02-14 08:46:59.691root 11241100x80000000000000001752908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71d794bdd6feccf2022-02-14 08:46:59.691root 11241100x80000000000000001752909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8676bbf721db7aae2022-02-14 08:46:59.691root 11241100x80000000000000001752910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99007fe4c42f6412022-02-14 08:46:59.691root 11241100x80000000000000001752911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adcb5eb92f74b9b2022-02-14 08:46:59.691root 11241100x80000000000000001752912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80d7910c4794fdf2022-02-14 08:46:59.691root 11241100x80000000000000001752913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2978023e4b6bd31c2022-02-14 08:46:59.691root 11241100x80000000000000001752914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544729cf8fbdc56e2022-02-14 08:46:59.691root 11241100x80000000000000001752915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd1ac3cf361bec02022-02-14 08:46:59.691root 11241100x80000000000000001752916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bce5d45cd2181a2022-02-14 08:46:59.691root 11241100x80000000000000001752917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b631445adc9f99562022-02-14 08:46:59.691root 11241100x80000000000000001752918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668f9c2cd04379022022-02-14 08:46:59.692root 11241100x80000000000000001752919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587076ebd5986c432022-02-14 08:46:59.692root 11241100x80000000000000001752920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb80ee8bddd28da2022-02-14 08:46:59.692root 11241100x80000000000000001752921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c131eeb95cf840b22022-02-14 08:46:59.692root 11241100x80000000000000001752922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a2f073409c33672022-02-14 08:46:59.692root 11241100x80000000000000001752923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a4ee02bad6aea32022-02-14 08:46:59.693root 11241100x80000000000000001752924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc768b546c7d4a32022-02-14 08:46:59.693root 11241100x80000000000000001752925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46ad6f9c76b82672022-02-14 08:46:59.694root 11241100x80000000000000001752926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba661b4eadf8b0d2022-02-14 08:46:59.694root 11241100x80000000000000001752927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c51ce995f1035192022-02-14 08:46:59.694root 11241100x80000000000000001752928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8a157d1cc9808c2022-02-14 08:46:59.694root 11241100x80000000000000001752929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88566a99f4b2cce12022-02-14 08:46:59.695root 11241100x80000000000000001752930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb158de5ec3f2d72022-02-14 08:46:59.695root 11241100x80000000000000001752931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657255e01818b8c52022-02-14 08:46:59.695root 11241100x80000000000000001752932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691f006f0194b6f62022-02-14 08:46:59.695root 11241100x80000000000000001752933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13549bb14c9a0f42022-02-14 08:46:59.695root 11241100x80000000000000001752934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9a63b3fdc019ec2022-02-14 08:46:59.695root 11241100x80000000000000001752935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5474a086dd77f0e2022-02-14 08:46:59.695root 11241100x80000000000000001752936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849bcec41b2f82972022-02-14 08:46:59.695root 11241100x80000000000000001752937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd4c14652846ad92022-02-14 08:46:59.695root 11241100x80000000000000001752938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de936b16754651222022-02-14 08:46:59.695root 11241100x80000000000000001752939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3358908d027fcc2b2022-02-14 08:46:59.695root 11241100x80000000000000001752940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c51c15be6ff4de2022-02-14 08:46:59.695root 11241100x80000000000000001752941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c94833cb73b39f2022-02-14 08:46:59.695root 11241100x80000000000000001752942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bce67c76167cb722022-02-14 08:46:59.695root 11241100x80000000000000001752943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9288198641feb52022-02-14 08:46:59.696root 11241100x80000000000000001752944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72c6d215d5d298e2022-02-14 08:46:59.696root 11241100x80000000000000001752945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8fa8f2318993392022-02-14 08:46:59.696root 11241100x80000000000000001752946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24db4d2d47245b062022-02-14 08:46:59.696root 11241100x80000000000000001752947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955f1fe7652083502022-02-14 08:46:59.696root 11241100x80000000000000001752948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03198574502f731e2022-02-14 08:46:59.696root 11241100x80000000000000001752949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a22934161939ea2022-02-14 08:46:59.696root 11241100x80000000000000001752950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daebf389df8756922022-02-14 08:46:59.696root 11241100x80000000000000001752951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8219b5666db42f4c2022-02-14 08:46:59.696root 11241100x80000000000000001752952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4569328343177d2022-02-14 08:46:59.696root 11241100x80000000000000001752953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53693407c2859f72022-02-14 08:46:59.696root 11241100x80000000000000001752954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d30d59660b5d0332022-02-14 08:46:59.697root 11241100x80000000000000001752955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8994dd7a045627352022-02-14 08:46:59.697root 11241100x80000000000000001752956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb545eb9b4f771992022-02-14 08:46:59.697root 11241100x80000000000000001752957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c42ab3935cce7d12022-02-14 08:46:59.698root 11241100x80000000000000001752958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93953bbdae149ff72022-02-14 08:46:59.698root 11241100x80000000000000001752959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffaa754ef191e8dd2022-02-14 08:46:59.698root 11241100x80000000000000001752960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e80c22400ebdccd2022-02-14 08:46:59.698root 11241100x80000000000000001752961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0454aa9dbde7d07a2022-02-14 08:46:59.698root 11241100x80000000000000001752962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16aed0de950024102022-02-14 08:46:59.698root 11241100x80000000000000001752963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f1d1247ffe91362022-02-14 08:46:59.698root 11241100x80000000000000001752964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12265e4339d2a0b02022-02-14 08:46:59.698root 11241100x80000000000000001752965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51e5ffaa4cdde9d2022-02-14 08:46:59.698root 11241100x80000000000000001752966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491e7ba445cdc2252022-02-14 08:46:59.698root 11241100x80000000000000001752967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ff8ef44a463c8e2022-02-14 08:46:59.698root 11241100x80000000000000001752968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9da401d53934302022-02-14 08:46:59.699root 11241100x80000000000000001752969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253a2e5807ff38972022-02-14 08:46:59.699root 11241100x80000000000000001752970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9678e2a16aacde2022-02-14 08:46:59.699root 11241100x80000000000000001752971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3022f6b8fb0efb82022-02-14 08:46:59.699root 11241100x80000000000000001752972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba15432453d7ba22022-02-14 08:46:59.699root 11241100x80000000000000001752973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d8ef964ff9ba272022-02-14 08:46:59.699root 11241100x80000000000000001752974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a1dfd4e54dd89d2022-02-14 08:46:59.699root 11241100x80000000000000001752975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00050f2b32e22792022-02-14 08:46:59.699root 11241100x80000000000000001752976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e66ba3b60b928852022-02-14 08:46:59.700root 11241100x80000000000000001752977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ec333e4fabea222022-02-14 08:46:59.701root 11241100x80000000000000001752978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e4cfccf621d45a2022-02-14 08:46:59.701root 11241100x80000000000000001752979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d981f270754458792022-02-14 08:46:59.701root 11241100x80000000000000001752980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b4a61ecd3f3d3b2022-02-14 08:46:59.701root 11241100x80000000000000001752981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1383e1766b01962022-02-14 08:46:59.701root 11241100x80000000000000001752982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ad3eb34a3704502022-02-14 08:46:59.701root 11241100x80000000000000001752983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9daf61281ad88672022-02-14 08:46:59.701root 11241100x80000000000000001752984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d90d7625f6709fc2022-02-14 08:46:59.702root 11241100x80000000000000001752985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fdb0077ea49f852022-02-14 08:46:59.702root 11241100x80000000000000001752986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20481eb599ae94b82022-02-14 08:46:59.702root 11241100x80000000000000001752987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b829950d4e772c412022-02-14 08:46:59.703root 11241100x80000000000000001752988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad00f445a2bdd5dc2022-02-14 08:46:59.703root 11241100x80000000000000001752989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce73928d94ae5382022-02-14 08:46:59.703root 11241100x80000000000000001752990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37ab467c85b0c1c2022-02-14 08:46:59.703root 11241100x80000000000000001752991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0f0b5bbe3e0ec52022-02-14 08:46:59.703root 11241100x80000000000000001752992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada5c089516c05222022-02-14 08:46:59.703root 11241100x80000000000000001752993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc81bca633ce419a2022-02-14 08:46:59.704root 11241100x80000000000000001752994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea26e4a8c2807a82022-02-14 08:46:59.704root 11241100x80000000000000001752995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cad3d1ecabc9b732022-02-14 08:46:59.704root 11241100x80000000000000001752996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e048d0ba27113f2022-02-14 08:46:59.704root 11241100x80000000000000001752997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd6af766cd5b1c02022-02-14 08:46:59.704root 11241100x80000000000000001752998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1b2197991a5f512022-02-14 08:46:59.704root 11241100x80000000000000001752999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec52a5cfb5642502022-02-14 08:46:59.704root 11241100x80000000000000001753000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1db95e73665fba2022-02-14 08:46:59.704root 11241100x80000000000000001753001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d72d6b240bfe3852022-02-14 08:46:59.705root 11241100x80000000000000001753002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d261ec24aee4a3dc2022-02-14 08:46:59.705root 11241100x80000000000000001753003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f5d673ae8a93232022-02-14 08:46:59.705root 11241100x80000000000000001753004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c32a31de79acf952022-02-14 08:46:59.705root 11241100x80000000000000001753005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d070a3fcbd0956d92022-02-14 08:46:59.705root 11241100x80000000000000001753006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e319e70bc105f4152022-02-14 08:46:59.705root 11241100x80000000000000001753007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:46:59.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a168aee78aadae52022-02-14 08:46:59.705root 11241100x80000000000000001753008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edffc09c7b9bf372022-02-14 08:47:00.180root 11241100x80000000000000001753009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a575a1ff76a8f342022-02-14 08:47:00.180root 11241100x80000000000000001753010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b6f3a0b3f3403b2022-02-14 08:47:00.180root 11241100x80000000000000001753011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b408d8537c73d672022-02-14 08:47:00.180root 11241100x80000000000000001753012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571fbb4bb7007f4d2022-02-14 08:47:00.180root 11241100x80000000000000001753013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5dd3a9d498922952022-02-14 08:47:00.180root 11241100x80000000000000001753014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef7d23f683db3972022-02-14 08:47:00.180root 11241100x80000000000000001753015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832306956e30f6622022-02-14 08:47:00.180root 11241100x80000000000000001753016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed66c218dc0a39a2022-02-14 08:47:00.181root 11241100x80000000000000001753017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6dde94fe552d17d2022-02-14 08:47:00.181root 11241100x80000000000000001753018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9b6bcda4f0fe3d2022-02-14 08:47:00.181root 11241100x80000000000000001753019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc8c20ec7251e232022-02-14 08:47:00.181root 11241100x80000000000000001753020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c51bea2013688ed2022-02-14 08:47:00.181root 11241100x80000000000000001753021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaa56a0bad5b17a2022-02-14 08:47:00.181root 11241100x80000000000000001753022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f72fc8be416f39e2022-02-14 08:47:00.182root 11241100x80000000000000001753023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd4f4e0f7d2fa6c2022-02-14 08:47:00.182root 11241100x80000000000000001753024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5286a9ed1257bfc2022-02-14 08:47:00.182root 11241100x80000000000000001753025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c82cc84ca048182022-02-14 08:47:00.182root 11241100x80000000000000001753026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db81d092b4f919dd2022-02-14 08:47:00.182root 11241100x80000000000000001753027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a72c0fdaf6a0482022-02-14 08:47:00.182root 11241100x80000000000000001753028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e69e3373eea061e2022-02-14 08:47:00.182root 11241100x80000000000000001753029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bda5132139afe82022-02-14 08:47:00.182root 11241100x80000000000000001753030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6385a6e121b1587c2022-02-14 08:47:00.182root 11241100x80000000000000001753031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330cc65849e340962022-02-14 08:47:00.182root 11241100x80000000000000001753032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6387eac201bb10ec2022-02-14 08:47:00.183root 11241100x80000000000000001753033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c13e74d02d636c2022-02-14 08:47:00.183root 11241100x80000000000000001753034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bdd7bebcb6b18f2022-02-14 08:47:00.183root 11241100x80000000000000001753035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971175f7f5f5fcd62022-02-14 08:47:00.183root 11241100x80000000000000001753036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd91093999f87672022-02-14 08:47:00.183root 11241100x80000000000000001753037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245cdfe41217148e2022-02-14 08:47:00.183root 11241100x80000000000000001753038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330189e4fa2121452022-02-14 08:47:00.183root 11241100x80000000000000001753039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f393cd6210a09d22022-02-14 08:47:00.183root 11241100x80000000000000001753040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2864a844ee7da9092022-02-14 08:47:00.183root 11241100x80000000000000001753041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cd07c322f64cd82022-02-14 08:47:00.183root 11241100x80000000000000001753042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ffc7af068ade302022-02-14 08:47:00.184root 11241100x80000000000000001753043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844a25f80cac48042022-02-14 08:47:00.184root 11241100x80000000000000001753044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23ddad5ca87d5462022-02-14 08:47:00.184root 11241100x80000000000000001753045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759cce8584ec6c7c2022-02-14 08:47:00.184root 11241100x80000000000000001753046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87a315f2b804b522022-02-14 08:47:00.184root 11241100x80000000000000001753047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddfe441fdad5a912022-02-14 08:47:00.184root 11241100x80000000000000001753048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f155e96c1c47d42022-02-14 08:47:00.185root 11241100x80000000000000001753049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b12fe9a90b7bac02022-02-14 08:47:00.185root 11241100x80000000000000001753050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218a6ae09d8390952022-02-14 08:47:00.185root 11241100x80000000000000001753051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c83c5ffe765a3d12022-02-14 08:47:00.185root 11241100x80000000000000001753052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6416355234b5332022-02-14 08:47:00.185root 11241100x80000000000000001753053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b64cc231a9875e2022-02-14 08:47:00.186root 11241100x80000000000000001753054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2082cec948ae8ff82022-02-14 08:47:00.186root 11241100x80000000000000001753055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9ab40ab121afa02022-02-14 08:47:00.186root 11241100x80000000000000001753056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54784f162ccdbbb2022-02-14 08:47:00.187root 11241100x80000000000000001753057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1107938ae0a13a2022-02-14 08:47:00.187root 11241100x80000000000000001753058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34343688f299ada2022-02-14 08:47:00.188root 11241100x80000000000000001753059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25ffdc8ac35036b2022-02-14 08:47:00.188root 11241100x80000000000000001753060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420cd88cd1113f7f2022-02-14 08:47:00.188root 11241100x80000000000000001753061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d291265020ae499b2022-02-14 08:47:00.188root 11241100x80000000000000001753062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e3beb06ffc38f22022-02-14 08:47:00.189root 11241100x80000000000000001753063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0d2e976f8b31682022-02-14 08:47:00.189root 11241100x80000000000000001753064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de975d7e1c156d532022-02-14 08:47:00.189root 11241100x80000000000000001753065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95019ec8fb35e8e42022-02-14 08:47:00.189root 11241100x80000000000000001753066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17560f3e90cbe962022-02-14 08:47:00.189root 11241100x80000000000000001753067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6914555ff8565502022-02-14 08:47:00.189root 11241100x80000000000000001753068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c6199f06e3388f2022-02-14 08:47:00.189root 11241100x80000000000000001753069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ce654fbacdad292022-02-14 08:47:00.190root 11241100x80000000000000001753070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac1ff07c7fa990d2022-02-14 08:47:00.190root 11241100x80000000000000001753071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dcf756bfb0066d2022-02-14 08:47:00.190root 11241100x80000000000000001753072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bb7d9f94f166722022-02-14 08:47:00.190root 11241100x80000000000000001753073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd5c9e98ad4153c2022-02-14 08:47:00.190root 11241100x80000000000000001753074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3265d5f68f756ea42022-02-14 08:47:00.190root 11241100x80000000000000001753075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f1a07b92f7460b2022-02-14 08:47:00.190root 11241100x80000000000000001753076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b04e452765f6d22022-02-14 08:47:00.190root 11241100x80000000000000001753077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b680c3426c16afb2022-02-14 08:47:00.190root 11241100x80000000000000001753078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a299cb87841c072022-02-14 08:47:00.191root 11241100x80000000000000001753079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096758ceeee38d002022-02-14 08:47:00.191root 11241100x80000000000000001753080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d25309bbb1868952022-02-14 08:47:00.191root 11241100x80000000000000001753081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eddb2c50374ed1c2022-02-14 08:47:00.191root 11241100x80000000000000001753082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33291440d2f9958d2022-02-14 08:47:00.191root 11241100x80000000000000001753083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77be3c7e80c6960d2022-02-14 08:47:00.191root 11241100x80000000000000001753084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b81fd6e86be4762022-02-14 08:47:00.191root 11241100x80000000000000001753085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5d21f42ebf833b2022-02-14 08:47:00.191root 11241100x80000000000000001753086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736150ba842679102022-02-14 08:47:00.191root 11241100x80000000000000001753087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fece7122a6856832022-02-14 08:47:00.191root 11241100x80000000000000001753088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c11c579b68866b2022-02-14 08:47:00.191root 11241100x80000000000000001753089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f55c41a03aa0832022-02-14 08:47:00.191root 11241100x80000000000000001753090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65aa0e1df8bc2dc22022-02-14 08:47:00.191root 11241100x80000000000000001753091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086f571ef40d2bba2022-02-14 08:47:00.192root 11241100x80000000000000001753092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b4e4ecdc98cebd2022-02-14 08:47:00.192root 11241100x80000000000000001753093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e980ee5e44e48402022-02-14 08:47:00.192root 11241100x80000000000000001753094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beac961ab00cb83e2022-02-14 08:47:00.192root 11241100x80000000000000001753095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5829c780bc5b482022-02-14 08:47:00.192root 11241100x80000000000000001753096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626c05c302219c692022-02-14 08:47:00.192root 11241100x80000000000000001753097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33ce3abe8b1a5502022-02-14 08:47:00.192root 11241100x80000000000000001753098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d1096340445a692022-02-14 08:47:00.193root 11241100x80000000000000001753099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1732f112dd7356082022-02-14 08:47:00.193root 11241100x80000000000000001753100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12894fd8a43b1f42022-02-14 08:47:00.194root 11241100x80000000000000001753101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766e2e801cc8d1352022-02-14 08:47:00.195root 11241100x80000000000000001753102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f4f75edfd2bb3a2022-02-14 08:47:00.195root 11241100x80000000000000001753103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f581df8efddcb3322022-02-14 08:47:00.195root 11241100x80000000000000001753104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7714b988e197f5272022-02-14 08:47:00.196root 11241100x80000000000000001753105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f15acded6d5feb2022-02-14 08:47:00.196root 11241100x80000000000000001753106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912cdeea8ea8a8c02022-02-14 08:47:00.196root 11241100x80000000000000001753107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f931056f3dffc52022-02-14 08:47:00.196root 11241100x80000000000000001753108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d3da05c082b5c32022-02-14 08:47:00.196root 11241100x80000000000000001753109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7667acb6461c41e12022-02-14 08:47:00.196root 11241100x80000000000000001753110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf0da9df489a3722022-02-14 08:47:00.196root 11241100x80000000000000001753111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601e771b17bfb81d2022-02-14 08:47:00.196root 11241100x80000000000000001753112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da24acc3f410692e2022-02-14 08:47:00.196root 11241100x80000000000000001753113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b927649998ef5f922022-02-14 08:47:00.197root 11241100x80000000000000001753114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff60fd221ffa2742022-02-14 08:47:00.197root 11241100x80000000000000001753115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563d7b8a6a25601d2022-02-14 08:47:00.197root 11241100x80000000000000001753116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39aaf9a9d3e36d0d2022-02-14 08:47:00.197root 11241100x80000000000000001753117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b3b7c73b50a01e2022-02-14 08:47:00.197root 11241100x80000000000000001753118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e97d2441d1bf152022-02-14 08:47:00.197root 11241100x80000000000000001753119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157009d9471edbc02022-02-14 08:47:00.681root 11241100x80000000000000001753120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755f9c67810e35542022-02-14 08:47:00.682root 11241100x80000000000000001753121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ddf5bba772f4b92022-02-14 08:47:00.682root 11241100x80000000000000001753122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2f2292e48b198c2022-02-14 08:47:00.682root 11241100x80000000000000001753123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952f7ee7a7f83c182022-02-14 08:47:00.682root 11241100x80000000000000001753124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ac557c3b83e8dc2022-02-14 08:47:00.683root 11241100x80000000000000001753125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930c79c04009138f2022-02-14 08:47:00.684root 11241100x80000000000000001753126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1c4dc64c6900762022-02-14 08:47:00.684root 11241100x80000000000000001753127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17b7f62c468cb102022-02-14 08:47:00.684root 11241100x80000000000000001753128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcf130bf4c561ea2022-02-14 08:47:00.684root 11241100x80000000000000001753129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabc5488f0ad10112022-02-14 08:47:00.684root 11241100x80000000000000001753130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efbab35998330f92022-02-14 08:47:00.684root 11241100x80000000000000001753131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d03ae18e77f21d12022-02-14 08:47:00.684root 11241100x80000000000000001753132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914736879c49cdfb2022-02-14 08:47:00.686root 11241100x80000000000000001753133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bef6700ab2faa372022-02-14 08:47:00.686root 11241100x80000000000000001753134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14db3138088a027d2022-02-14 08:47:00.686root 11241100x80000000000000001753135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476e54597e9c40292022-02-14 08:47:00.686root 11241100x80000000000000001753136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6594b8a66f11dd762022-02-14 08:47:00.687root 11241100x80000000000000001753137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e1ac6496155a6e2022-02-14 08:47:00.687root 11241100x80000000000000001753138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01a029f05c9fd5b2022-02-14 08:47:00.689root 11241100x80000000000000001753139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05de6af58fdfcaec2022-02-14 08:47:00.689root 11241100x80000000000000001753140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfcf5510e39a1d02022-02-14 08:47:00.689root 11241100x80000000000000001753141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ad6b5d36d17a0a2022-02-14 08:47:00.689root 11241100x80000000000000001753142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217c275e8afd40802022-02-14 08:47:00.689root 11241100x80000000000000001753143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02041ddd1f999012022-02-14 08:47:00.689root 11241100x80000000000000001753144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2655f0f641566cc22022-02-14 08:47:00.690root 11241100x80000000000000001753145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3541afa89bb1a892022-02-14 08:47:00.690root 11241100x80000000000000001753146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb8132c7d83e7502022-02-14 08:47:00.690root 11241100x80000000000000001753147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a757b4a996249d002022-02-14 08:47:00.690root 11241100x80000000000000001753148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa040901a8e67d22022-02-14 08:47:00.690root 11241100x80000000000000001753149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8423eee6cb3a072022-02-14 08:47:00.690root 11241100x80000000000000001753150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aee7fdbb7e5095d2022-02-14 08:47:00.690root 11241100x80000000000000001753151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7166ba2e03d7ed3c2022-02-14 08:47:00.690root 11241100x80000000000000001753152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7702a5c78124fafc2022-02-14 08:47:00.690root 11241100x80000000000000001753153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac344663b40189f2022-02-14 08:47:00.691root 11241100x80000000000000001753154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9aeffa5f2772982022-02-14 08:47:00.691root 11241100x80000000000000001753155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a57f981751cba042022-02-14 08:47:00.691root 11241100x80000000000000001753156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524ec24bd978b8a22022-02-14 08:47:00.691root 11241100x80000000000000001753157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10acb90bf0647f4f2022-02-14 08:47:00.691root 11241100x80000000000000001753158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79724c9469b59bc22022-02-14 08:47:00.692root 11241100x80000000000000001753159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a59d684de790abe2022-02-14 08:47:00.692root 11241100x80000000000000001753160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1c0e4fcffef4c12022-02-14 08:47:00.692root 11241100x80000000000000001753161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c071f70affcebef2022-02-14 08:47:00.692root 11241100x80000000000000001753162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab51a4b04ce553162022-02-14 08:47:00.692root 11241100x80000000000000001753163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d1070ea13b1d762022-02-14 08:47:00.692root 11241100x80000000000000001753164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb71056ccf1c1b002022-02-14 08:47:00.692root 11241100x80000000000000001753165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c902707907f3762022-02-14 08:47:00.692root 11241100x80000000000000001753166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a14aeef2970c34b2022-02-14 08:47:00.692root 11241100x80000000000000001753167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063dc996ba0045e72022-02-14 08:47:00.692root 11241100x80000000000000001753168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444e2e6a3a3431882022-02-14 08:47:00.693root 11241100x80000000000000001753169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e06e59f227a4eb2022-02-14 08:47:00.693root 11241100x80000000000000001753170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dea95d6efb486192022-02-14 08:47:00.693root 11241100x80000000000000001753171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:00.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba4be6b2bafc9262022-02-14 08:47:00.693root 11241100x80000000000000001753172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa7d8d632612cda2022-02-14 08:47:01.180root 11241100x80000000000000001753173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1ec008ed113b392022-02-14 08:47:01.180root 11241100x80000000000000001753174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e0f8838cdf2ad12022-02-14 08:47:01.180root 11241100x80000000000000001753175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91c2c03c87620762022-02-14 08:47:01.180root 11241100x80000000000000001753176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d7eeaf0b3ec01e2022-02-14 08:47:01.181root 11241100x80000000000000001753177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cffa851489f3502022-02-14 08:47:01.181root 11241100x80000000000000001753178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80289219633c0f62022-02-14 08:47:01.181root 11241100x80000000000000001753179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65313d245a2865062022-02-14 08:47:01.181root 11241100x80000000000000001753180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bdd20a0a07bdf82022-02-14 08:47:01.181root 11241100x80000000000000001753181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4d1dad79c7812c2022-02-14 08:47:01.182root 11241100x80000000000000001753182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fd6420c7752f022022-02-14 08:47:01.182root 11241100x80000000000000001753183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d639ac9304323ca92022-02-14 08:47:01.182root 11241100x80000000000000001753184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4bfc24eed386aa2022-02-14 08:47:01.182root 11241100x80000000000000001753185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabd9d16d1d369d42022-02-14 08:47:01.182root 11241100x80000000000000001753186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ce67c9f74527bd2022-02-14 08:47:01.183root 11241100x80000000000000001753187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575174d6d822be442022-02-14 08:47:01.185root 11241100x80000000000000001753188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29eca427a1bb8242022-02-14 08:47:01.186root 11241100x80000000000000001753189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b0c09c342d2fb92022-02-14 08:47:01.186root 11241100x80000000000000001753190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc82b03a3cf488e52022-02-14 08:47:01.186root 11241100x80000000000000001753191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff171e319a335cf2022-02-14 08:47:01.186root 11241100x80000000000000001753192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e3c6a7f25db68f2022-02-14 08:47:01.186root 11241100x80000000000000001753193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afac44568b2ff3f62022-02-14 08:47:01.186root 11241100x80000000000000001753194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cb9dbabeea40fa2022-02-14 08:47:01.186root 11241100x80000000000000001753195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e04f49428cacb02022-02-14 08:47:01.186root 11241100x80000000000000001753196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0a5402a778c06a2022-02-14 08:47:01.186root 11241100x80000000000000001753197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca25fae7190d6b7d2022-02-14 08:47:01.187root 11241100x80000000000000001753198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a67acb431f727eb2022-02-14 08:47:01.187root 11241100x80000000000000001753199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643ca5e526020a5d2022-02-14 08:47:01.187root 11241100x80000000000000001753200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa7ac5900f7a34a2022-02-14 08:47:01.187root 11241100x80000000000000001753201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9854252483d2f5812022-02-14 08:47:01.187root 11241100x80000000000000001753202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69b1998d4af5aef2022-02-14 08:47:01.187root 11241100x80000000000000001753203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ca714f12344ce22022-02-14 08:47:01.187root 11241100x80000000000000001753204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569873ffa7938b092022-02-14 08:47:01.187root 11241100x80000000000000001753205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da623481464995a92022-02-14 08:47:01.187root 11241100x80000000000000001753206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2353ebcaab0c2442022-02-14 08:47:01.187root 11241100x80000000000000001753207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cd12e1d08261302022-02-14 08:47:01.187root 11241100x80000000000000001753208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbe7d478f07ddcb2022-02-14 08:47:01.187root 11241100x80000000000000001753209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c05f53cd3ce5902022-02-14 08:47:01.187root 11241100x80000000000000001753210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86980a72a72a61a2022-02-14 08:47:01.187root 11241100x80000000000000001753211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1137dd2a070e317d2022-02-14 08:47:01.187root 11241100x80000000000000001753212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fae77939ba55542022-02-14 08:47:01.187root 11241100x80000000000000001753213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c40416db80ee192022-02-14 08:47:01.187root 11241100x80000000000000001753214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7331b2ccce02612022-02-14 08:47:01.188root 11241100x80000000000000001753215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d639771ff7a11982022-02-14 08:47:01.188root 11241100x80000000000000001753216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0df36d0c0caa352022-02-14 08:47:01.188root 11241100x80000000000000001753217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a460ad277c0c5682022-02-14 08:47:01.188root 11241100x80000000000000001753218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b33b4fcd1122c02022-02-14 08:47:01.188root 11241100x80000000000000001753219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e210ba6cec13bca12022-02-14 08:47:01.188root 11241100x80000000000000001753220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e43b82bea0badf2022-02-14 08:47:01.188root 11241100x80000000000000001753221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f79dd7e0235a90f2022-02-14 08:47:01.188root 11241100x80000000000000001753222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2ba3da7a43d93e2022-02-14 08:47:01.188root 11241100x80000000000000001753223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4af2ee4ef7e60c2022-02-14 08:47:01.188root 11241100x80000000000000001753224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d192578754c25002022-02-14 08:47:01.188root 11241100x80000000000000001753225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e683d13977959102022-02-14 08:47:01.188root 11241100x80000000000000001753226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecf189ea88972c92022-02-14 08:47:01.188root 11241100x80000000000000001753227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3e292d6c298f9c2022-02-14 08:47:01.188root 11241100x80000000000000001753228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7105c8f3084a2ea2022-02-14 08:47:01.188root 11241100x80000000000000001753229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db759af485d8c3732022-02-14 08:47:01.188root 11241100x80000000000000001753230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4482bf518c26142022-02-14 08:47:01.189root 11241100x80000000000000001753231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a285ddbfb549092022-02-14 08:47:01.189root 11241100x80000000000000001753232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b228fa9daa740e912022-02-14 08:47:01.189root 11241100x80000000000000001753233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2821eb1fc98d835b2022-02-14 08:47:01.189root 354300x80000000000000001753234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.277{ec2ab09f-0ffc-620a-9056-8714c2550000}735/lib/systemd/systemd-networkd-udptruefalse10.0.1.20-68-false10.0.1.1-67- 11241100x80000000000000001753235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.278{ec2ab09f-0ffc-620a-9056-8714c2550000}735/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/.#statekmQuaZ2022-02-14 08:47:01.278systemd-network 534500x80000000000000001753236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.278{ec2ab09f-0ffc-620a-9056-8714c2550000}735/lib/systemd/systemd-networkdsystemd-network 11241100x80000000000000001753237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.278{ec2ab09f-0ffc-620a-9056-8714c2550000}735/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/links/.#2BU9HnT2022-02-14 08:47:01.278systemd-network 11241100x80000000000000001753238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.278{ec2ab09f-0ffc-620a-9056-8714c2550000}735/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/leases/.#2IY6VAN2022-02-14 08:47:01.278systemd-network 11241100x80000000000000001753239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.278{ec2ab09f-0ffc-620a-9056-8714c2550000}735/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/.#statePfyeOH2022-02-14 08:47:01.278systemd-network 11241100x80000000000000001753240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.279{ec2ab09f-0ffc-620a-9056-8714c2550000}735/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/links/.#2eIJx1B2022-02-14 08:47:01.279systemd-network 11241100x80000000000000001753241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.279{ec2ab09f-0ffc-620a-9056-8714c2550000}735/lib/systemd/systemd-networkd/run/systemd/netif/systemd/netif/leases/.#21uqRew2022-02-14 08:47:01.279systemd-network 11241100x80000000000000001753242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.279{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolved/run/systemd/resolve/systemd/resolve/.#resolv.confDURE4h2022-02-14 08:47:01.279systemd-resolve 11241100x80000000000000001753243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.279{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolved/run/systemd/resolve/systemd/resolve/.#stub-resolv.confwyE1hc2022-02-14 08:47:01.279systemd-resolve 11241100x80000000000000001753244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.280{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolved/run/systemd/resolve/systemd/resolve/.#resolv.confBHdwv62022-02-14 08:47:01.280systemd-resolve 11241100x80000000000000001753245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.280{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolved/run/systemd/resolve/systemd/resolve/.#stub-resolv.confqEk1I02022-02-14 08:47:01.280systemd-resolve 354300x80000000000000001753246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.279{ec2ab09f-0ffa-620a-7056-524559550000}675/lib/systemd/systemd-timesyncdsystemd-timesyncudptruefalse10.0.1.20-59475-false169.254.169.123-123- 11241100x80000000000000001753247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5debccafc90c399b2022-02-14 08:47:01.680root 11241100x80000000000000001753248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71707bc51f8da012022-02-14 08:47:01.680root 11241100x80000000000000001753249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c66c53ecdaf90e2022-02-14 08:47:01.680root 11241100x80000000000000001753250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bdfdf6bc4a6db92022-02-14 08:47:01.680root 11241100x80000000000000001753251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7506945e2add7902022-02-14 08:47:01.681root 11241100x80000000000000001753252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0f9545ce0e2d522022-02-14 08:47:01.681root 11241100x80000000000000001753253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf07b573ee8a0d92022-02-14 08:47:01.681root 11241100x80000000000000001753254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c75fde4e802a2162022-02-14 08:47:01.681root 11241100x80000000000000001753255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f83ff8f1b9ded5b2022-02-14 08:47:01.681root 11241100x80000000000000001753256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb7940dd1e542062022-02-14 08:47:01.681root 11241100x80000000000000001753257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45b109dbb547ac42022-02-14 08:47:01.681root 11241100x80000000000000001753258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c628ba1a0ee91e22022-02-14 08:47:01.681root 11241100x80000000000000001753259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87101a86bf3279fb2022-02-14 08:47:01.682root 11241100x80000000000000001753260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548c9292223013532022-02-14 08:47:01.682root 11241100x80000000000000001753261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a415c91cf0edfe2022-02-14 08:47:01.682root 11241100x80000000000000001753262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47b19288cc8ed5c2022-02-14 08:47:01.682root 11241100x80000000000000001753263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ed22c47ac1f8262022-02-14 08:47:01.682root 11241100x80000000000000001753264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9e5e6f541ad2c82022-02-14 08:47:01.682root 11241100x80000000000000001753265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cecfedbb75e4a462022-02-14 08:47:01.682root 11241100x80000000000000001753266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee118de2c71f3572022-02-14 08:47:01.682root 11241100x80000000000000001753267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d516b3ef840996ac2022-02-14 08:47:01.682root 11241100x80000000000000001753268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4c40284e3359242022-02-14 08:47:01.682root 11241100x80000000000000001753269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65eaf3be551d053b2022-02-14 08:47:01.682root 11241100x80000000000000001753270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ca1d76a16fa6322022-02-14 08:47:01.682root 11241100x80000000000000001753271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96b662d040e76682022-02-14 08:47:01.682root 11241100x80000000000000001753272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5b7fb2837e868c2022-02-14 08:47:01.682root 11241100x80000000000000001753273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7250652611b24762022-02-14 08:47:01.682root 11241100x80000000000000001753274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68ebe1b7772dba72022-02-14 08:47:01.683root 11241100x80000000000000001753275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b756501d58c18d2022-02-14 08:47:01.683root 11241100x80000000000000001753276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8572c5ec53f960752022-02-14 08:47:01.683root 11241100x80000000000000001753277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5facafb2e96a609c2022-02-14 08:47:01.683root 11241100x80000000000000001753278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6757aa9d04b677d2022-02-14 08:47:01.683root 11241100x80000000000000001753279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94292cf980c458782022-02-14 08:47:01.683root 11241100x80000000000000001753280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d92df851c005b32022-02-14 08:47:01.683root 11241100x80000000000000001753281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861ef4b382d357e12022-02-14 08:47:01.683root 11241100x80000000000000001753282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba1ef823742a53d2022-02-14 08:47:01.683root 11241100x80000000000000001753283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23fcefd80960e392022-02-14 08:47:01.683root 11241100x80000000000000001753284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40abd8e21d171b4a2022-02-14 08:47:01.684root 11241100x80000000000000001753285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9204d0371458605c2022-02-14 08:47:01.684root 11241100x80000000000000001753286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029da7ec4a0f79172022-02-14 08:47:01.684root 11241100x80000000000000001753287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26e993816abf5232022-02-14 08:47:01.684root 11241100x80000000000000001753288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671639aa8e0be4d72022-02-14 08:47:01.684root 11241100x80000000000000001753289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b8a20d5fe057172022-02-14 08:47:01.684root 11241100x80000000000000001753290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbca2aa12310679b2022-02-14 08:47:01.686root 11241100x80000000000000001753291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bbc1d4c500150e2022-02-14 08:47:01.686root 11241100x80000000000000001753292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61f31797312bcc22022-02-14 08:47:01.686root 11241100x80000000000000001753293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebfcc006d90e9032022-02-14 08:47:01.687root 11241100x80000000000000001753294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c4392e566faf4e2022-02-14 08:47:01.687root 11241100x80000000000000001753295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf47b46b5854d1e42022-02-14 08:47:01.687root 11241100x80000000000000001753296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e5a7fbf02e74132022-02-14 08:47:01.687root 11241100x80000000000000001753297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae30371d6c556f62022-02-14 08:47:01.688root 11241100x80000000000000001753298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b64a8b12e153d392022-02-14 08:47:01.689root 11241100x80000000000000001753299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351a98a156943b562022-02-14 08:47:01.689root 11241100x80000000000000001753300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75116041b2d2ed792022-02-14 08:47:01.689root 11241100x80000000000000001753301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3609bbd1208f8dc2022-02-14 08:47:01.690root 11241100x80000000000000001753302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce04e35e7bba9dea2022-02-14 08:47:01.690root 11241100x80000000000000001753303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6751f538e16ada2022-02-14 08:47:01.690root 11241100x80000000000000001753304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7cff15f7711b9c2022-02-14 08:47:01.690root 11241100x80000000000000001753305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f563f5a2be49ecb32022-02-14 08:47:01.691root 11241100x80000000000000001753306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffb5f006934377d2022-02-14 08:47:01.692root 11241100x80000000000000001753307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f322b73b0116488a2022-02-14 08:47:01.692root 11241100x80000000000000001753308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328fc9c6448f125f2022-02-14 08:47:01.693root 11241100x80000000000000001753309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680cf3ad8b6313d92022-02-14 08:47:01.693root 11241100x80000000000000001753310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a292bbb91d771412022-02-14 08:47:01.694root 11241100x80000000000000001753311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9046e86f4bf88272022-02-14 08:47:01.694root 11241100x80000000000000001753312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f80da1c999f2672022-02-14 08:47:01.694root 11241100x80000000000000001753313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe9ae307f44a38a2022-02-14 08:47:01.694root 11241100x80000000000000001753314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14af9eaa5b305482022-02-14 08:47:01.694root 11241100x80000000000000001753315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502befcd4fdfb0362022-02-14 08:47:01.694root 11241100x80000000000000001753316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a98a7fc44553542022-02-14 08:47:01.694root 11241100x80000000000000001753317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cff5899bf1f67b52022-02-14 08:47:01.694root 11241100x80000000000000001753318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cbae453b2824db2022-02-14 08:47:01.695root 11241100x80000000000000001753319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951ed229c12073442022-02-14 08:47:01.695root 11241100x80000000000000001753320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247818d85cb08ea02022-02-14 08:47:01.695root 11241100x80000000000000001753321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf2acd55a83b6e12022-02-14 08:47:01.695root 11241100x80000000000000001753322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca00b834e5937922022-02-14 08:47:01.695root 11241100x80000000000000001753323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7393d56484f38e9d2022-02-14 08:47:01.695root 11241100x80000000000000001753324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6134b5817ceaa3b62022-02-14 08:47:01.695root 11241100x80000000000000001753325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde43db582c152732022-02-14 08:47:01.695root 11241100x80000000000000001753326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c4db472c224b1f2022-02-14 08:47:01.696root 11241100x80000000000000001753327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0e55fdf8e55f712022-02-14 08:47:01.696root 11241100x80000000000000001753328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dd3398b2d633f62022-02-14 08:47:01.696root 11241100x80000000000000001753329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f08af06766876722022-02-14 08:47:01.696root 11241100x80000000000000001753330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3fa0e641d193a72022-02-14 08:47:01.696root 11241100x80000000000000001753331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d107a898915d14832022-02-14 08:47:01.696root 11241100x80000000000000001753332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced88fa1fd383d312022-02-14 08:47:01.696root 11241100x80000000000000001753333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447a0c4b31ebe9aa2022-02-14 08:47:01.697root 11241100x80000000000000001753334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d3a679e210c3e92022-02-14 08:47:01.697root 11241100x80000000000000001753335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ee99bc7dfe89062022-02-14 08:47:01.697root 11241100x80000000000000001753336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0275de725dfc18ae2022-02-14 08:47:01.697root 11241100x80000000000000001753337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14afd15b76f92d2c2022-02-14 08:47:01.697root 11241100x80000000000000001753338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcda499695dc23f2022-02-14 08:47:01.699root 11241100x80000000000000001753339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d21451fb6c76d42022-02-14 08:47:01.699root 11241100x80000000000000001753340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304660c4a0d2da9c2022-02-14 08:47:01.699root 11241100x80000000000000001753341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d005a9ddddc03822022-02-14 08:47:01.700root 11241100x80000000000000001753342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f522dac3d0d963312022-02-14 08:47:01.700root 11241100x80000000000000001753343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca914ea8527c0a82022-02-14 08:47:01.700root 11241100x80000000000000001753344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfd6a0b8f9518892022-02-14 08:47:01.701root 11241100x80000000000000001753345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff77522e61004582022-02-14 08:47:01.701root 11241100x80000000000000001753346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c674193211df232022-02-14 08:47:01.701root 11241100x80000000000000001753347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56759f698c98e60c2022-02-14 08:47:01.701root 11241100x80000000000000001753348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcf7c0338e43dab2022-02-14 08:47:01.701root 11241100x80000000000000001753349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31248eb4ec4a4f82022-02-14 08:47:01.702root 11241100x80000000000000001753350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1545eb3ea40746b72022-02-14 08:47:01.702root 11241100x80000000000000001753351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44575eda6f7eb8d2022-02-14 08:47:01.702root 11241100x80000000000000001753352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c713068af68f4e02022-02-14 08:47:01.702root 11241100x80000000000000001753353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154f88dd25e8af632022-02-14 08:47:01.702root 11241100x80000000000000001753354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8a36c909424a082022-02-14 08:47:01.702root 11241100x80000000000000001753355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045072c43b0ccf4c2022-02-14 08:47:01.702root 11241100x80000000000000001753356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673a57496d679aa72022-02-14 08:47:01.702root 11241100x80000000000000001753357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6921d2ecf18b7ef2022-02-14 08:47:01.703root 11241100x80000000000000001753358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bceedf7c455634c2022-02-14 08:47:01.703root 11241100x80000000000000001753359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42610302ad0c51d02022-02-14 08:47:01.703root 11241100x80000000000000001753360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e413ee0893d6cd2022-02-14 08:47:01.703root 11241100x80000000000000001753361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9e9b391f4825842022-02-14 08:47:01.703root 11241100x80000000000000001753362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8ec3dac811afd02022-02-14 08:47:01.703root 11241100x80000000000000001753363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64d37dc1f8e6f8e2022-02-14 08:47:01.703root 11241100x80000000000000001753364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47aae1a9dbc29e042022-02-14 08:47:01.704root 11241100x80000000000000001753365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0859398d97162ee2022-02-14 08:47:01.704root 11241100x80000000000000001753366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c088a7b4c421aa2022-02-14 08:47:01.704root 11241100x80000000000000001753367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3047672edffcaf592022-02-14 08:47:01.705root 11241100x80000000000000001753368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80c049c18b8ba152022-02-14 08:47:01.705root 11241100x80000000000000001753369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ce32cbebace4502022-02-14 08:47:01.705root 11241100x80000000000000001753370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485bec73e39b815e2022-02-14 08:47:01.705root 11241100x80000000000000001753371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08725b246b097df32022-02-14 08:47:01.705root 11241100x80000000000000001753372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc8a6fb4aa3cbc32022-02-14 08:47:01.706root 11241100x80000000000000001753373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2c42060474c33a2022-02-14 08:47:01.706root 11241100x80000000000000001753374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29c926c098dac292022-02-14 08:47:01.706root 11241100x80000000000000001753375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025812f725b749ac2022-02-14 08:47:01.706root 11241100x80000000000000001753376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5a8202be607aca2022-02-14 08:47:01.706root 11241100x80000000000000001753377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.707{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10538c07679476c2022-02-14 08:47:01.707root 11241100x80000000000000001753378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.707{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07170318458721892022-02-14 08:47:01.707root 11241100x80000000000000001753379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.707{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b005a5cad1dff0132022-02-14 08:47:01.707root 11241100x80000000000000001753380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.707{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3287e8135c9a67c62022-02-14 08:47:01.707root 11241100x80000000000000001753381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.707{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1154dad4dc9913302022-02-14 08:47:01.707root 11241100x80000000000000001753382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fa7d7e5d8f7ed22022-02-14 08:47:01.708root 11241100x80000000000000001753383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6c452d2967cfc92022-02-14 08:47:01.708root 11241100x80000000000000001753384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6423df75c6dc08d32022-02-14 08:47:01.708root 11241100x80000000000000001753385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc008716f936f0d52022-02-14 08:47:01.708root 11241100x80000000000000001753386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89188ab81246cfb92022-02-14 08:47:01.708root 11241100x80000000000000001753387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d912a1b8cfb9d02022-02-14 08:47:01.709root 11241100x80000000000000001753388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e26c4375eb0fb192022-02-14 08:47:01.709root 11241100x80000000000000001753389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd25b91f5c66ee72022-02-14 08:47:01.709root 11241100x80000000000000001753390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330d0e8adcafa8db2022-02-14 08:47:01.710root 11241100x80000000000000001753391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9698028d585f91e22022-02-14 08:47:01.710root 11241100x80000000000000001753392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24f95f8b66241e32022-02-14 08:47:01.710root 11241100x80000000000000001753393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17322d06546e62b2022-02-14 08:47:01.710root 11241100x80000000000000001753394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2259dfb04e5b50512022-02-14 08:47:01.710root 11241100x80000000000000001753395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.711{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96872f0e13d55872022-02-14 08:47:01.711root 11241100x80000000000000001753396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.711{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601948abdaf724e12022-02-14 08:47:01.711root 11241100x80000000000000001753397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.711{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0541173074a5a1df2022-02-14 08:47:01.711root 11241100x80000000000000001753398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.711{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24da78eff40ae01d2022-02-14 08:47:01.711root 11241100x80000000000000001753399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.711{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8849de0c5d26fc82022-02-14 08:47:01.711root 11241100x80000000000000001753400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.712{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe95a4426dc389a2022-02-14 08:47:01.712root 11241100x80000000000000001753401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.712{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f502da90d46a4a32022-02-14 08:47:01.712root 11241100x80000000000000001753402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b505113d7f9e432022-02-14 08:47:01.713root 11241100x80000000000000001753403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580a8c52996080562022-02-14 08:47:01.713root 11241100x80000000000000001753404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7572a24375135892022-02-14 08:47:01.713root 11241100x80000000000000001753405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc65a88fb8601cb72022-02-14 08:47:01.713root 11241100x80000000000000001753406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.714{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ccad673b4bf71b2022-02-14 08:47:01.714root 11241100x80000000000000001753407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.714{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc38e7287997318d2022-02-14 08:47:01.714root 11241100x80000000000000001753408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922f47f2157e5e2c2022-02-14 08:47:01.715root 11241100x80000000000000001753409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9e08de46f267792022-02-14 08:47:01.715root 11241100x80000000000000001753410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247e731da05c66b22022-02-14 08:47:01.715root 11241100x80000000000000001753411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.716{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7eb5bee56c039342022-02-14 08:47:01.716root 11241100x80000000000000001753412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.716{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd8d9a4bf7572422022-02-14 08:47:01.716root 11241100x80000000000000001753413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.716{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462c4235c0a55b722022-02-14 08:47:01.716root 11241100x80000000000000001753414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.716{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2fcd12e1ae76552022-02-14 08:47:01.716root 11241100x80000000000000001753415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.717{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9717873a88ca04102022-02-14 08:47:01.717root 11241100x80000000000000001753416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.717{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f536645e77e0b092022-02-14 08:47:01.717root 11241100x80000000000000001753417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.718{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f829a938a0236afb2022-02-14 08:47:01.718root 11241100x80000000000000001753418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.718{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbdea32aab3331e2022-02-14 08:47:01.718root 11241100x80000000000000001753419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.718{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee93f315c776b62c2022-02-14 08:47:01.718root 11241100x80000000000000001753420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4609757f1aa57a62022-02-14 08:47:01.719root 11241100x80000000000000001753421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544f579520c6445b2022-02-14 08:47:01.719root 11241100x80000000000000001753422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad363269f11912552022-02-14 08:47:01.720root 11241100x80000000000000001753423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1abd4bc23c61d62022-02-14 08:47:01.720root 11241100x80000000000000001753424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3249e54e7c4576612022-02-14 08:47:01.720root 11241100x80000000000000001753425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5793cbef8c3491a2022-02-14 08:47:01.721root 11241100x80000000000000001753426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e830af9fbd4abfc2022-02-14 08:47:01.721root 11241100x80000000000000001753427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b35b0ef2cdb6bc2022-02-14 08:47:01.721root 11241100x80000000000000001753428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17722c2a03acbae2022-02-14 08:47:01.722root 11241100x80000000000000001753429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98be5ddad126bdae2022-02-14 08:47:01.722root 11241100x80000000000000001753430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259040116128b04f2022-02-14 08:47:01.722root 11241100x80000000000000001753431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60284f8dba612f62022-02-14 08:47:01.722root 11241100x80000000000000001753432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6abc6bcfad3e562022-02-14 08:47:01.722root 11241100x80000000000000001753433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef368ae161b4c0152022-02-14 08:47:01.723root 11241100x80000000000000001753434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131b907aac89fb052022-02-14 08:47:01.723root 11241100x80000000000000001753435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c771623be16c7f2022-02-14 08:47:01.723root 11241100x80000000000000001753436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e13fdceabd40e72022-02-14 08:47:01.724root 11241100x80000000000000001753437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dc4d197acad6232022-02-14 08:47:01.724root 11241100x80000000000000001753438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b48fb15156a91b2022-02-14 08:47:01.724root 11241100x80000000000000001753439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2dc8064cfd84712022-02-14 08:47:01.724root 11241100x80000000000000001753440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5278d88ed7016622022-02-14 08:47:01.725root 11241100x80000000000000001753441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9eeb2d63f4248412022-02-14 08:47:01.725root 11241100x80000000000000001753442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e968862c561ba8d2022-02-14 08:47:01.726root 11241100x80000000000000001753443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c68711f35a17662022-02-14 08:47:01.726root 11241100x80000000000000001753444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf848f08bc3b2cc72022-02-14 08:47:01.726root 11241100x80000000000000001753445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be520ab2aa880182022-02-14 08:47:01.726root 11241100x80000000000000001753446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157f53ec0e0f5d152022-02-14 08:47:01.726root 11241100x80000000000000001753447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208dc0c0f44a3aa02022-02-14 08:47:01.726root 11241100x80000000000000001753448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50ea2f77fd28c272022-02-14 08:47:01.726root 11241100x80000000000000001753449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71253f9c3dc04612022-02-14 08:47:01.726root 11241100x80000000000000001753450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92141528ad72c3042022-02-14 08:47:01.726root 11241100x80000000000000001753451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d24597b05063352022-02-14 08:47:01.726root 11241100x80000000000000001753452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a582dbb36bbf42b02022-02-14 08:47:01.726root 11241100x80000000000000001753453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1b8e6765b6f7c02022-02-14 08:47:01.726root 11241100x80000000000000001753454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d49b2f40423dc482022-02-14 08:47:01.726root 11241100x80000000000000001753455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e98a68456d90d192022-02-14 08:47:01.727root 11241100x80000000000000001753456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5151721219f5eb812022-02-14 08:47:01.727root 11241100x80000000000000001753457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8904a370adb88cf92022-02-14 08:47:01.727root 11241100x80000000000000001753458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d8d003f89b1e492022-02-14 08:47:01.727root 11241100x80000000000000001753459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31834c7331da719a2022-02-14 08:47:01.727root 11241100x80000000000000001753460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b94df13bad20ce92022-02-14 08:47:01.727root 11241100x80000000000000001753461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5e7cb600ca211c2022-02-14 08:47:01.727root 11241100x80000000000000001753462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a76cf9fcb076fd12022-02-14 08:47:01.727root 11241100x80000000000000001753463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1405a75d869bad2022-02-14 08:47:01.727root 11241100x80000000000000001753464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef42a02fe84fe782022-02-14 08:47:01.727root 11241100x80000000000000001753465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806c450397bd55802022-02-14 08:47:01.727root 11241100x80000000000000001753466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cab8b37fc388472022-02-14 08:47:01.727root 11241100x80000000000000001753467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9920873ffc66692022-02-14 08:47:01.727root 11241100x80000000000000001753468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e0b286e738449a2022-02-14 08:47:01.727root 11241100x80000000000000001753469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0bf49d05856ce02022-02-14 08:47:01.727root 11241100x80000000000000001753470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5926a6855c30def02022-02-14 08:47:01.728root 11241100x80000000000000001753471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cdb930c960d2ce2022-02-14 08:47:01.730root 11241100x80000000000000001753472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96b0dbe080ccc992022-02-14 08:47:01.730root 11241100x80000000000000001753473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00442f48ae0a4b52022-02-14 08:47:01.730root 11241100x80000000000000001753474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b628ab155055ec2022-02-14 08:47:01.730root 11241100x80000000000000001753475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d672942a772444c2022-02-14 08:47:01.730root 11241100x80000000000000001753476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d482d4e06a2f66e22022-02-14 08:47:01.730root 11241100x80000000000000001753477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c433f15c2c89fa382022-02-14 08:47:01.730root 11241100x80000000000000001753478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb30b89351159d02022-02-14 08:47:01.731root 11241100x80000000000000001753479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c57b6d84150be4a2022-02-14 08:47:01.731root 11241100x80000000000000001753480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c26af9ffa8339ab2022-02-14 08:47:01.731root 11241100x80000000000000001753481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4698e348ddd57b2022-02-14 08:47:01.731root 11241100x80000000000000001753482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0543534df76d86af2022-02-14 08:47:01.731root 11241100x80000000000000001753483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9f0161a292e07a2022-02-14 08:47:01.731root 11241100x80000000000000001753484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d541b1617bdfc32022-02-14 08:47:01.731root 11241100x80000000000000001753485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4260b9ea15412dc62022-02-14 08:47:01.732root 11241100x80000000000000001753486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcb9ade75b88ae02022-02-14 08:47:01.732root 11241100x80000000000000001753487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d9bfe70d6b7bb52022-02-14 08:47:01.732root 11241100x80000000000000001753488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c321a3a15ea95e2022-02-14 08:47:01.732root 11241100x80000000000000001753489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a0bf72aba638d52022-02-14 08:47:01.733root 11241100x80000000000000001753490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c85e8e08133ec52022-02-14 08:47:01.733root 11241100x80000000000000001753491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11282e70f20fddf82022-02-14 08:47:01.733root 11241100x80000000000000001753492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f699bdc0beee78a2022-02-14 08:47:01.734root 11241100x80000000000000001753493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e7b241a0bf0dcf2022-02-14 08:47:01.734root 11241100x80000000000000001753494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb3c2b67fc515882022-02-14 08:47:01.735root 11241100x80000000000000001753495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedad029e7e0c5b02022-02-14 08:47:01.735root 11241100x80000000000000001753496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28013e1bf5b6af5f2022-02-14 08:47:01.735root 11241100x80000000000000001753497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f2bdaee0c5175a2022-02-14 08:47:01.736root 11241100x80000000000000001753498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02858c29c563acda2022-02-14 08:47:01.736root 11241100x80000000000000001753499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c9731ef537c6b52022-02-14 08:47:01.736root 11241100x80000000000000001753500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8c15e9535271452022-02-14 08:47:01.736root 11241100x80000000000000001753501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e790b0a66dca702022-02-14 08:47:01.736root 11241100x80000000000000001753502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa715e8cfd4d6742022-02-14 08:47:01.736root 11241100x80000000000000001753503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6688b33382a6bf862022-02-14 08:47:01.736root 11241100x80000000000000001753504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed9628ecf1f7add2022-02-14 08:47:01.736root 11241100x80000000000000001753505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.737{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f82288cc8492bd82022-02-14 08:47:01.737root 11241100x80000000000000001753506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.737{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cafe1e3e4096ef82022-02-14 08:47:01.737root 11241100x80000000000000001753507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.737{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a4cbd42f67b4de2022-02-14 08:47:01.737root 11241100x80000000000000001753508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.737{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cb57c483f3c6ba2022-02-14 08:47:01.737root 11241100x80000000000000001753509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.737{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e36751cd43475682022-02-14 08:47:01.737root 11241100x80000000000000001753510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3b5ce98ad9aa0a2022-02-14 08:47:01.738root 11241100x80000000000000001753511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0284e87ca6aca22022-02-14 08:47:01.738root 11241100x80000000000000001753512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cf6e92eaa83a2a2022-02-14 08:47:01.738root 11241100x80000000000000001753513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeed3f69953b08bb2022-02-14 08:47:01.738root 11241100x80000000000000001753514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a18fe43b0995662022-02-14 08:47:01.738root 11241100x80000000000000001753515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecadb3589a94157d2022-02-14 08:47:01.739root 11241100x80000000000000001753516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65337b16001486212022-02-14 08:47:01.739root 11241100x80000000000000001753517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce5b85d15fa0fae2022-02-14 08:47:01.739root 11241100x80000000000000001753518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689857d1570b434b2022-02-14 08:47:01.739root 11241100x80000000000000001753519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25987dd5bc4663ec2022-02-14 08:47:01.739root 11241100x80000000000000001753520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1dc7da5d22f79e2022-02-14 08:47:01.739root 11241100x80000000000000001753521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855b65d03d6a8d0c2022-02-14 08:47:01.739root 11241100x80000000000000001753522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b45087de56e3ace2022-02-14 08:47:01.739root 11241100x80000000000000001753523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52847e1b793342342022-02-14 08:47:01.739root 11241100x80000000000000001753524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ce4c6d282262d32022-02-14 08:47:01.740root 11241100x80000000000000001753525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c355ad1b21e653c2022-02-14 08:47:01.740root 11241100x80000000000000001753526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbbb46a4e593d172022-02-14 08:47:01.740root 11241100x80000000000000001753527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bdeb1dc0ecf5d42022-02-14 08:47:01.740root 11241100x80000000000000001753528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c16e77acff2de82022-02-14 08:47:01.740root 11241100x80000000000000001753529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf808c660d496d0a2022-02-14 08:47:01.740root 11241100x80000000000000001753530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d139254541a6a92022-02-14 08:47:01.740root 11241100x80000000000000001753531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c5cbf5931adadc2022-02-14 08:47:01.740root 11241100x80000000000000001753532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8521450faef16cf62022-02-14 08:47:01.740root 11241100x80000000000000001753533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cca57dbfe07a0ce2022-02-14 08:47:01.740root 11241100x80000000000000001753534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3117f272afd1e4b72022-02-14 08:47:01.740root 11241100x80000000000000001753535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48591e50ed63a3f22022-02-14 08:47:01.740root 11241100x80000000000000001753536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c86b60dad152a02022-02-14 08:47:01.740root 11241100x80000000000000001753537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3f64532825b0802022-02-14 08:47:01.740root 11241100x80000000000000001753538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f13f46b33a30e642022-02-14 08:47:01.741root 11241100x80000000000000001753539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ec64bf58accdc12022-02-14 08:47:01.741root 11241100x80000000000000001753540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28654c90ad3315032022-02-14 08:47:01.741root 11241100x80000000000000001753541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d2dd36dbb18db52022-02-14 08:47:01.741root 11241100x80000000000000001753542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69262a4dab421132022-02-14 08:47:01.741root 11241100x80000000000000001753543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fd9247630fd25b2022-02-14 08:47:01.741root 11241100x80000000000000001753544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503581ab1ee2d5212022-02-14 08:47:01.741root 11241100x80000000000000001753545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3454e3a372ad7ff22022-02-14 08:47:01.741root 11241100x80000000000000001753546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df64ab669cc3ed372022-02-14 08:47:01.741root 11241100x80000000000000001753547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca34696848a71ef2022-02-14 08:47:01.741root 11241100x80000000000000001753548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2557001c35d0f92022-02-14 08:47:01.741root 11241100x80000000000000001753549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db651f90548f4d52022-02-14 08:47:01.741root 11241100x80000000000000001753550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b80f0ed1a88b4eb2022-02-14 08:47:01.741root 11241100x80000000000000001753551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2778683089cda92022-02-14 08:47:01.742root 11241100x80000000000000001753552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8a5ad665103f672022-02-14 08:47:01.742root 11241100x80000000000000001753553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43f9993e4e9716c2022-02-14 08:47:01.742root 11241100x80000000000000001753554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf7910bf05f15212022-02-14 08:47:01.742root 11241100x80000000000000001753555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b1f10b57e0e2a22022-02-14 08:47:01.742root 11241100x80000000000000001753556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4821e3c2c249342f2022-02-14 08:47:01.742root 11241100x80000000000000001753557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40be6f1d97534ceb2022-02-14 08:47:01.742root 11241100x80000000000000001753558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b19ba1e1a0f87692022-02-14 08:47:01.742root 11241100x80000000000000001753559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca99d828fe7bbac2022-02-14 08:47:01.742root 11241100x80000000000000001753560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044c34bfcfeab3512022-02-14 08:47:01.742root 11241100x80000000000000001753561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657168d713ec7c982022-02-14 08:47:01.742root 11241100x80000000000000001753562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5417a83c31c788322022-02-14 08:47:01.742root 11241100x80000000000000001753563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf8bf540a931f4c2022-02-14 08:47:01.742root 11241100x80000000000000001753564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a200ce1f513b0af2022-02-14 08:47:01.742root 11241100x80000000000000001753565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb6a9544f83b7ca2022-02-14 08:47:01.742root 11241100x80000000000000001753566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.743{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fe6878a322f3b02022-02-14 08:47:01.743root 11241100x80000000000000001753567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.743{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0dbaa233285d762022-02-14 08:47:01.743root 11241100x80000000000000001753568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.743{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99613d236a1ebd62022-02-14 08:47:01.743root 11241100x80000000000000001753569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.743{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf216a9328bb78d2022-02-14 08:47:01.743root 11241100x80000000000000001753570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.743{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67deb1f5f73b95372022-02-14 08:47:01.743root 11241100x80000000000000001753571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.743{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41feba3c46debf732022-02-14 08:47:01.743root 11241100x80000000000000001753572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.743{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d34115a8c4dafb32022-02-14 08:47:01.743root 11241100x80000000000000001753573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.743{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3564da5f9f2cf2382022-02-14 08:47:01.743root 11241100x80000000000000001753574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.743{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5405ccd99ad5a82022-02-14 08:47:01.743root 11241100x80000000000000001753575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.743{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0c08cc1c78ee702022-02-14 08:47:01.743root 11241100x80000000000000001753576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.743{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cef043cc03eb40c2022-02-14 08:47:01.743root 11241100x80000000000000001753577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.744{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadfbc3087454efc2022-02-14 08:47:01.744root 11241100x80000000000000001753578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.744{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ed81ebbcafc6c92022-02-14 08:47:01.744root 11241100x80000000000000001753579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b717f5031472612022-02-14 08:47:01.745root 11241100x80000000000000001753580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919853289286528b2022-02-14 08:47:01.745root 11241100x80000000000000001753581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b2d09affb468702022-02-14 08:47:01.745root 11241100x80000000000000001753582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15818f90b4d75cfb2022-02-14 08:47:01.745root 11241100x80000000000000001753583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0066173dccb61d152022-02-14 08:47:01.745root 11241100x80000000000000001753584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3a3b41dce5010c2022-02-14 08:47:01.745root 11241100x80000000000000001753585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5b18d43095aa1b2022-02-14 08:47:01.746root 11241100x80000000000000001753586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5767159a8bd3ec32022-02-14 08:47:01.746root 11241100x80000000000000001753587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0124b0d3f3f28572022-02-14 08:47:01.746root 11241100x80000000000000001753588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7377c325549afa2022-02-14 08:47:01.746root 11241100x80000000000000001753589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659a18ccda79d0562022-02-14 08:47:01.746root 11241100x80000000000000001753590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d0ea68620c86362022-02-14 08:47:01.746root 11241100x80000000000000001753591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0605027d6a5bea2022-02-14 08:47:01.746root 11241100x80000000000000001753592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cd6ddecf7622ed2022-02-14 08:47:01.747root 11241100x80000000000000001753593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c475601433e454862022-02-14 08:47:01.747root 11241100x80000000000000001753594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b76c5abd5e05952022-02-14 08:47:01.747root 11241100x80000000000000001753595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e44bd97dbe4f932022-02-14 08:47:01.747root 11241100x80000000000000001753596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7e2ec7d7adbe452022-02-14 08:47:01.747root 11241100x80000000000000001753597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3341ad69cf40c8a2022-02-14 08:47:01.747root 11241100x80000000000000001753598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bded47f8d4130b2022-02-14 08:47:01.747root 11241100x80000000000000001753599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131732c0bb1690ea2022-02-14 08:47:01.747root 11241100x80000000000000001753600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620b778772c24dd02022-02-14 08:47:01.747root 11241100x80000000000000001753601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420b1881f5ef87232022-02-14 08:47:01.747root 11241100x80000000000000001753602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211909ad81405fe12022-02-14 08:47:01.747root 11241100x80000000000000001753603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81e521d28d31ed32022-02-14 08:47:01.747root 11241100x80000000000000001753604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0a5bf2a555516a2022-02-14 08:47:01.747root 11241100x80000000000000001753605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c27a6a6959605642022-02-14 08:47:01.747root 11241100x80000000000000001753606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3ffbe74cc84b122022-02-14 08:47:01.748root 11241100x80000000000000001753607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dab0f53bdf04c2b2022-02-14 08:47:01.748root 11241100x80000000000000001753608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d3bb5a8932775e2022-02-14 08:47:01.748root 11241100x80000000000000001753609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56091dd4fbf296512022-02-14 08:47:01.748root 11241100x80000000000000001753610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10932931edafe3f42022-02-14 08:47:01.748root 11241100x80000000000000001753611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9241e97378a06dc02022-02-14 08:47:01.748root 11241100x80000000000000001753612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc48dba449522e5e2022-02-14 08:47:01.748root 11241100x80000000000000001753613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f906505ee865262022-02-14 08:47:01.748root 11241100x80000000000000001753614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241c17b84eae8ad42022-02-14 08:47:01.748root 11241100x80000000000000001753615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c899b6127b72122a2022-02-14 08:47:01.748root 11241100x80000000000000001753616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502dd1dd7f1ea1c52022-02-14 08:47:01.748root 11241100x80000000000000001753617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbdf38ae86795d52022-02-14 08:47:01.748root 11241100x80000000000000001753618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8771a9bd4bd3ffad2022-02-14 08:47:01.748root 11241100x80000000000000001753619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a5689ff5b814252022-02-14 08:47:01.748root 11241100x80000000000000001753620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6037df772c83a17e2022-02-14 08:47:01.748root 11241100x80000000000000001753621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108058d8e61769a62022-02-14 08:47:01.749root 11241100x80000000000000001753622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db914ca0fd5768442022-02-14 08:47:01.749root 11241100x80000000000000001753623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6a7cc7ee0d5ccb2022-02-14 08:47:01.749root 11241100x80000000000000001753624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c66c65543bec10e2022-02-14 08:47:01.749root 11241100x80000000000000001753625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d090f3d4ae1451a2022-02-14 08:47:01.749root 11241100x80000000000000001753626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377de5c5e661db0b2022-02-14 08:47:01.749root 11241100x80000000000000001753627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9c438dff72b6af2022-02-14 08:47:01.749root 11241100x80000000000000001753628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6761fd3d27ad802022-02-14 08:47:01.749root 11241100x80000000000000001753629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecac78e9d2b15ef2022-02-14 08:47:01.749root 11241100x80000000000000001753630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727bf7b01c2f9d072022-02-14 08:47:01.749root 11241100x80000000000000001753631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a712e85dc3683d5b2022-02-14 08:47:01.749root 11241100x80000000000000001753632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9453d346937acace2022-02-14 08:47:01.749root 11241100x80000000000000001753633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec0c4419bc508da2022-02-14 08:47:01.749root 11241100x80000000000000001753634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcaeab50ad3cf0f72022-02-14 08:47:01.749root 11241100x80000000000000001753635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.750{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5634ece6059fb92c2022-02-14 08:47:01.750root 11241100x80000000000000001753636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.750{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90baadcad2b55ff12022-02-14 08:47:01.750root 11241100x80000000000000001753637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.750{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a70f60f7e2c30b12022-02-14 08:47:01.750root 11241100x80000000000000001753638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.750{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2594b1c98e8e85062022-02-14 08:47:01.750root 11241100x80000000000000001753639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.750{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a63d4f44fb31a12022-02-14 08:47:01.750root 11241100x80000000000000001753640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.750{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb3264ebdf5145a2022-02-14 08:47:01.750root 11241100x80000000000000001753641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.750{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9482b789071ab7bb2022-02-14 08:47:01.750root 11241100x80000000000000001753642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.750{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712317d6fb25bd442022-02-14 08:47:01.750root 11241100x80000000000000001753643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.750{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ae900acc4c79d52022-02-14 08:47:01.750root 11241100x80000000000000001753644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.750{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1dd039cd045ae72022-02-14 08:47:01.750root 11241100x80000000000000001753645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.751{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf79b6d8257d5be2022-02-14 08:47:01.751root 11241100x80000000000000001753646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.751{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72206d9c42bd9d82022-02-14 08:47:01.751root 11241100x80000000000000001753647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.751{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cfbd7925a955532022-02-14 08:47:01.751root 11241100x80000000000000001753648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.751{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6ab611a4859e0f2022-02-14 08:47:01.751root 11241100x80000000000000001753649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.751{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c06cf0284111332022-02-14 08:47:01.751root 11241100x80000000000000001753650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.751{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e86c6c40c0e3f42022-02-14 08:47:01.751root 11241100x80000000000000001753651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.751{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3c5a5dcfc24ae82022-02-14 08:47:01.751root 11241100x80000000000000001753652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.751{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0943010ec49aeac22022-02-14 08:47:01.751root 11241100x80000000000000001753653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.751{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561a86d7d4935d5a2022-02-14 08:47:01.751root 11241100x80000000000000001753654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.751{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff60c6c5e2123c662022-02-14 08:47:01.751root 11241100x80000000000000001753655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.751{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d461a237ce579abe2022-02-14 08:47:01.751root 11241100x80000000000000001753656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.751{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a893e9ecdf1753ba2022-02-14 08:47:01.751root 11241100x80000000000000001753657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.751{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c22223600804872022-02-14 08:47:01.751root 11241100x80000000000000001753658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.751{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980e76ded148aa992022-02-14 08:47:01.751root 11241100x80000000000000001753659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.751{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f172ec8cf8e7372022-02-14 08:47:01.751root 11241100x80000000000000001753660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09711b592c2c21e2022-02-14 08:47:01.752root 11241100x80000000000000001753661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c331e25a0912a802022-02-14 08:47:01.752root 11241100x80000000000000001753662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a7c15e74faec942022-02-14 08:47:01.752root 11241100x80000000000000001753663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19adcd7c087dd8522022-02-14 08:47:01.752root 11241100x80000000000000001753664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a741e8818ff5072022-02-14 08:47:01.752root 11241100x80000000000000001753665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e908d1ca31b7a1f2022-02-14 08:47:01.752root 11241100x80000000000000001753666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb22ca1554313db92022-02-14 08:47:01.752root 11241100x80000000000000001753667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452d5b8ccbc0580b2022-02-14 08:47:01.752root 11241100x80000000000000001753668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdf1df0863198ab2022-02-14 08:47:01.752root 11241100x80000000000000001753669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fa7db0701a383e2022-02-14 08:47:01.752root 11241100x80000000000000001753670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3453119e3afedd02022-02-14 08:47:01.752root 11241100x80000000000000001753671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25e0aa0219ce2122022-02-14 08:47:01.752root 11241100x80000000000000001753672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc75e985823b0b82022-02-14 08:47:01.752root 11241100x80000000000000001753673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e82d40cde61c8ea2022-02-14 08:47:01.752root 11241100x80000000000000001753674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd2f11dd630ecf62022-02-14 08:47:01.752root 11241100x80000000000000001753675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.753{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bfff432947f9292022-02-14 08:47:01.753root 11241100x80000000000000001753676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.753{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f510e6b933b042922022-02-14 08:47:01.753root 11241100x80000000000000001753677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.753{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4550cb319511b06f2022-02-14 08:47:01.753root 11241100x80000000000000001753678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.753{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d5350961ee61012022-02-14 08:47:01.753root 11241100x80000000000000001753679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.753{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b959500637a7212022-02-14 08:47:01.753root 11241100x80000000000000001753680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.753{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b211eaa689d338b22022-02-14 08:47:01.753root 11241100x80000000000000001753681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.753{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a864d7a576eee022022-02-14 08:47:01.753root 11241100x80000000000000001753682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.753{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c244870752347f2022-02-14 08:47:01.753root 23542300x80000000000000001753683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.879{ec2ab09f-16f7-620a-8032-1722c0550000}2032root/bin/nano/home/ubuntu/./.net_dis.sh.swp--- 11241100x80000000000000001753684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:01.879{ec2ab09f-16f7-620a-8032-1722c0550000}2032/bin/nano/home/ubuntu/.net_dis.sh.swp2022-02-14 08:47:01.879root 11241100x80000000000000001753685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b212d0dc9ad1e26d2022-02-14 08:47:02.180root 11241100x80000000000000001753686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8e37bc4d40bd7c2022-02-14 08:47:02.180root 11241100x80000000000000001753687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96831163e0ad036e2022-02-14 08:47:02.180root 11241100x80000000000000001753688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd12b72fe6b653182022-02-14 08:47:02.181root 11241100x80000000000000001753689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651513a7bf0e95a82022-02-14 08:47:02.181root 11241100x80000000000000001753690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba43dcad3c624662022-02-14 08:47:02.181root 11241100x80000000000000001753691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce18c2d9384f70b2022-02-14 08:47:02.181root 11241100x80000000000000001753692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53cc1309592f6a62022-02-14 08:47:02.181root 11241100x80000000000000001753693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b0dc41f1ed14392022-02-14 08:47:02.181root 11241100x80000000000000001753694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd69eca45d2027d82022-02-14 08:47:02.181root 11241100x80000000000000001753695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ede0b9088642ef2022-02-14 08:47:02.181root 11241100x80000000000000001753696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a543b4dcbf2816f72022-02-14 08:47:02.181root 11241100x80000000000000001753697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948b8e377b455a422022-02-14 08:47:02.182root 11241100x80000000000000001753698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4462f4fc870a0f2022-02-14 08:47:02.182root 11241100x80000000000000001753699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17c9347bd18f31e2022-02-14 08:47:02.182root 11241100x80000000000000001753700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fde19a9a59f64f2022-02-14 08:47:02.182root 11241100x80000000000000001753701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054f856618cf6c2f2022-02-14 08:47:02.182root 11241100x80000000000000001753702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f733374f628ff5812022-02-14 08:47:02.182root 11241100x80000000000000001753703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e20e8840736a4c12022-02-14 08:47:02.182root 11241100x80000000000000001753704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4f527d0402ddeb2022-02-14 08:47:02.183root 11241100x80000000000000001753705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feefa332ffb709462022-02-14 08:47:02.184root 11241100x80000000000000001753706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0cda892b4e8dde2022-02-14 08:47:02.184root 11241100x80000000000000001753707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01b9d29b60e8bad2022-02-14 08:47:02.184root 11241100x80000000000000001753708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb49c363394e90d72022-02-14 08:47:02.184root 11241100x80000000000000001753709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5aa4d69b97d00832022-02-14 08:47:02.184root 11241100x80000000000000001753710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed25a0b91b31bda92022-02-14 08:47:02.185root 11241100x80000000000000001753711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db76f2f2b61389402022-02-14 08:47:02.185root 11241100x80000000000000001753712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a47a37b7ea99872022-02-14 08:47:02.185root 11241100x80000000000000001753713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad1850a7adba6df2022-02-14 08:47:02.185root 11241100x80000000000000001753714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e838488290be8b282022-02-14 08:47:02.185root 11241100x80000000000000001753715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beca5517fb86a14f2022-02-14 08:47:02.185root 11241100x80000000000000001753716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b8336e6ab4c5792022-02-14 08:47:02.186root 11241100x80000000000000001753717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fd4c10d48f7d342022-02-14 08:47:02.186root 11241100x80000000000000001753718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d2eba596943fd82022-02-14 08:47:02.187root 11241100x80000000000000001753719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23a8e14906f36232022-02-14 08:47:02.187root 11241100x80000000000000001753720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458c2b326861f9f72022-02-14 08:47:02.187root 11241100x80000000000000001753721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71509e8af18c4632022-02-14 08:47:02.187root 11241100x80000000000000001753722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac8d29e3a7c1f862022-02-14 08:47:02.187root 11241100x80000000000000001753723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f654b257b57e08912022-02-14 08:47:02.188root 11241100x80000000000000001753724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba60fee4dd0b8da2022-02-14 08:47:02.188root 11241100x80000000000000001753725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5f4a3feccb8c5c2022-02-14 08:47:02.188root 11241100x80000000000000001753726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85662eb10e2cb202022-02-14 08:47:02.188root 11241100x80000000000000001753727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b0e9254d1e1f1e2022-02-14 08:47:02.189root 11241100x80000000000000001753728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a018ec4791053d712022-02-14 08:47:02.189root 11241100x80000000000000001753729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7042d69fe780ae672022-02-14 08:47:02.189root 11241100x80000000000000001753730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2ee7786467cd6c2022-02-14 08:47:02.189root 11241100x80000000000000001753731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de364b85f1cd6732022-02-14 08:47:02.190root 11241100x80000000000000001753732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5a11ea0a9f6aea2022-02-14 08:47:02.190root 11241100x80000000000000001753733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd433853a3093842022-02-14 08:47:02.190root 11241100x80000000000000001753734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be29a9a3f7962a22022-02-14 08:47:02.190root 11241100x80000000000000001753735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efb837b5c977e6c2022-02-14 08:47:02.190root 11241100x80000000000000001753736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296f15dff216d2012022-02-14 08:47:02.192root 11241100x80000000000000001753737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255a724392a5a7f12022-02-14 08:47:02.192root 11241100x80000000000000001753738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d42332df710c8832022-02-14 08:47:02.192root 11241100x80000000000000001753739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88ebd2a21a1a45e2022-02-14 08:47:02.192root 11241100x80000000000000001753740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb80b61d43c7dc672022-02-14 08:47:02.192root 11241100x80000000000000001753741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a39821ad33386272022-02-14 08:47:02.193root 11241100x80000000000000001753742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8b099ef5f6c9f82022-02-14 08:47:02.193root 11241100x80000000000000001753743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf53eefdb155c7f2022-02-14 08:47:02.194root 11241100x80000000000000001753744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5aade86a037da722022-02-14 08:47:02.194root 11241100x80000000000000001753745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f107569b0cf95b02022-02-14 08:47:02.194root 11241100x80000000000000001753746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a57faa68e726fa12022-02-14 08:47:02.195root 11241100x80000000000000001753747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b115b4ba0dffe82022-02-14 08:47:02.195root 11241100x80000000000000001753748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25157764b40545f22022-02-14 08:47:02.195root 11241100x80000000000000001753749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38a611bdc7b64782022-02-14 08:47:02.196root 11241100x80000000000000001753750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095e11179688490e2022-02-14 08:47:02.196root 11241100x80000000000000001753751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71067cce947139af2022-02-14 08:47:02.196root 11241100x80000000000000001753752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3f962c988c86e92022-02-14 08:47:02.196root 11241100x80000000000000001753753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d97669818f02fca2022-02-14 08:47:02.197root 11241100x80000000000000001753754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7e90ad0465eb702022-02-14 08:47:02.197root 11241100x80000000000000001753755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3130e42c28ab7c6b2022-02-14 08:47:02.197root 11241100x80000000000000001753756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fedba52b645bf02022-02-14 08:47:02.198root 11241100x80000000000000001753757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a5fbaeaa69e5882022-02-14 08:47:02.198root 11241100x80000000000000001753758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197881b2e89d94742022-02-14 08:47:02.198root 11241100x80000000000000001753759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5025772d22b0afb12022-02-14 08:47:02.198root 11241100x80000000000000001753760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ced5c85c0805302022-02-14 08:47:02.199root 11241100x80000000000000001753761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a53b9405318bcc2022-02-14 08:47:02.199root 11241100x80000000000000001753762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de8780e397993ff2022-02-14 08:47:02.199root 11241100x80000000000000001753763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ffbb113425f86f2022-02-14 08:47:02.199root 11241100x80000000000000001753764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a460273064bdf12022-02-14 08:47:02.199root 11241100x80000000000000001753765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3787417292b62c2022-02-14 08:47:02.200root 11241100x80000000000000001753766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd22d8b801bb7c502022-02-14 08:47:02.200root 11241100x80000000000000001753767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a861f1da2495252022-02-14 08:47:02.200root 11241100x80000000000000001753768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956e1bac315a70cf2022-02-14 08:47:02.200root 11241100x80000000000000001753769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bdc6dae0a4ec172022-02-14 08:47:02.201root 11241100x80000000000000001753770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bea6749588201f42022-02-14 08:47:02.201root 11241100x80000000000000001753771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e9f4f8bc4c8ca12022-02-14 08:47:02.201root 11241100x80000000000000001753772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.202{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8721ec8ca9ee212022-02-14 08:47:02.202root 11241100x80000000000000001753773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.202{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6207559dc722a72022-02-14 08:47:02.202root 11241100x80000000000000001753774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.202{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8f704bd2c121732022-02-14 08:47:02.202root 11241100x80000000000000001753775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.202{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5491f77b96482ac92022-02-14 08:47:02.202root 11241100x80000000000000001753776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.202{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffca03636cbaf5c42022-02-14 08:47:02.202root 11241100x80000000000000001753777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ed613f7ce936d82022-02-14 08:47:02.203root 11241100x80000000000000001753778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235b02641613d7ff2022-02-14 08:47:02.203root 11241100x80000000000000001753779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5ee389f9012d7d2022-02-14 08:47:02.203root 11241100x80000000000000001753780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97ef68b6ee5c3aa2022-02-14 08:47:02.203root 11241100x80000000000000001753781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fb652fbd12baf62022-02-14 08:47:02.203root 11241100x80000000000000001753782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a325da6ea99bc8692022-02-14 08:47:02.203root 11241100x80000000000000001753783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c3f9bf75f266292022-02-14 08:47:02.203root 11241100x80000000000000001753784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a822cfd7e24b272022-02-14 08:47:02.204root 11241100x80000000000000001753785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be832899a5a8f8da2022-02-14 08:47:02.204root 11241100x80000000000000001753786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61241b1ab7bd05bc2022-02-14 08:47:02.204root 11241100x80000000000000001753787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a4a0600d249bf12022-02-14 08:47:02.204root 11241100x80000000000000001753788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc8243a89dc9a7d2022-02-14 08:47:02.204root 11241100x80000000000000001753789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b718f78070335c82022-02-14 08:47:02.204root 11241100x80000000000000001753790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33df0ce89c178702022-02-14 08:47:02.204root 11241100x80000000000000001753791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0013bd9768e76ab62022-02-14 08:47:02.204root 11241100x80000000000000001753792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2714941acdd0172022-02-14 08:47:02.204root 11241100x80000000000000001753793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12eac64abf60a4be2022-02-14 08:47:02.204root 11241100x80000000000000001753794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d59131c382116482022-02-14 08:47:02.204root 11241100x80000000000000001753795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1557cf3fbe899ce12022-02-14 08:47:02.204root 11241100x80000000000000001753796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9baac56b2eafc12022-02-14 08:47:02.204root 11241100x80000000000000001753797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbededd62b2f17e2022-02-14 08:47:02.204root 11241100x80000000000000001753798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f338118f33195d2022-02-14 08:47:02.204root 11241100x80000000000000001753799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d427635939007092022-02-14 08:47:02.205root 11241100x80000000000000001753800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9233fe6444c79882022-02-14 08:47:02.205root 11241100x80000000000000001753801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a36c95b2b566c0b2022-02-14 08:47:02.205root 11241100x80000000000000001753802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8d00bb06c492852022-02-14 08:47:02.205root 11241100x80000000000000001753803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519ded5d043974442022-02-14 08:47:02.205root 11241100x80000000000000001753804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c72614d7268c4152022-02-14 08:47:02.205root 11241100x80000000000000001753805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5932dbb362ba9c472022-02-14 08:47:02.205root 11241100x80000000000000001753806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbf6948a92500652022-02-14 08:47:02.205root 11241100x80000000000000001753807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b25470feeeed4b2022-02-14 08:47:02.205root 11241100x80000000000000001753808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92859e1935cc4c52022-02-14 08:47:02.205root 11241100x80000000000000001753809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195e86a0fc9918a02022-02-14 08:47:02.205root 11241100x80000000000000001753810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34469336df1cb8f32022-02-14 08:47:02.205root 11241100x80000000000000001753811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e33eda480672282022-02-14 08:47:02.205root 11241100x80000000000000001753812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1496e15a655ad12022-02-14 08:47:02.205root 11241100x80000000000000001753813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e103aaa02eb2e52022-02-14 08:47:02.205root 11241100x80000000000000001753814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1193b2026cf7042022-02-14 08:47:02.206root 11241100x80000000000000001753815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705ed1ecd199bcaf2022-02-14 08:47:02.206root 11241100x80000000000000001753816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f372163ea2c2b96e2022-02-14 08:47:02.206root 11241100x80000000000000001753817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3141b6d8e387c01f2022-02-14 08:47:02.206root 11241100x80000000000000001753818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d509438be33a50792022-02-14 08:47:02.206root 11241100x80000000000000001753819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713d5311a6f6a2c02022-02-14 08:47:02.206root 11241100x80000000000000001753820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afdb2d810f7da9d2022-02-14 08:47:02.207root 11241100x80000000000000001753821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288a98fc1f014dba2022-02-14 08:47:02.207root 11241100x80000000000000001753822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83abbdafa320adb02022-02-14 08:47:02.207root 11241100x80000000000000001753823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2b451d1b23dc242022-02-14 08:47:02.207root 11241100x80000000000000001753824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f3286b51a8b3682022-02-14 08:47:02.207root 11241100x80000000000000001753825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53dd1ca7e8d53162022-02-14 08:47:02.207root 11241100x80000000000000001753826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8329741e5373722022-02-14 08:47:02.207root 11241100x80000000000000001753827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e4dc6799ec61152022-02-14 08:47:02.207root 11241100x80000000000000001753828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f357a38220fd13e12022-02-14 08:47:02.207root 11241100x80000000000000001753829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6cb5173ab000dc2022-02-14 08:47:02.207root 11241100x80000000000000001753830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2664f1a26963a2552022-02-14 08:47:02.207root 11241100x80000000000000001753831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f89d88d98cedc62022-02-14 08:47:02.208root 11241100x80000000000000001753832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c3e5885625b2d62022-02-14 08:47:02.208root 11241100x80000000000000001753833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9d06d0f8fa52ad2022-02-14 08:47:02.208root 11241100x80000000000000001753834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d65963cc7f06da2022-02-14 08:47:02.208root 11241100x80000000000000001753835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627862ec4614db9a2022-02-14 08:47:02.208root 11241100x80000000000000001753836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb10b978439fee082022-02-14 08:47:02.208root 11241100x80000000000000001753837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5c225ced59b2c42022-02-14 08:47:02.208root 11241100x80000000000000001753838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d93bfaa539bc0222022-02-14 08:47:02.208root 11241100x80000000000000001753839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e2569e725b769e2022-02-14 08:47:02.208root 11241100x80000000000000001753840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c0bf3b844fcf962022-02-14 08:47:02.208root 11241100x80000000000000001753841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25531cf42325edf2022-02-14 08:47:02.209root 11241100x80000000000000001753842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1235e77f8d8c62e62022-02-14 08:47:02.209root 11241100x80000000000000001753843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507fce950279e5242022-02-14 08:47:02.209root 11241100x80000000000000001753844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20214e68df35f9652022-02-14 08:47:02.209root 11241100x80000000000000001753845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb9a56fdda2a8a62022-02-14 08:47:02.209root 11241100x80000000000000001753846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e7b8eacc7983a02022-02-14 08:47:02.209root 11241100x80000000000000001753847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cafd2d1764da6072022-02-14 08:47:02.209root 11241100x80000000000000001753848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa183c5b06651a042022-02-14 08:47:02.209root 11241100x80000000000000001753849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47de6919ccee301f2022-02-14 08:47:02.209root 11241100x80000000000000001753850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c9b9f6a7deedb92022-02-14 08:47:02.209root 11241100x80000000000000001753851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec768e6fce7b7e12022-02-14 08:47:02.209root 11241100x80000000000000001753852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e5f3c55883fbf92022-02-14 08:47:02.210root 11241100x80000000000000001753853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e717503ab59b9a782022-02-14 08:47:02.210root 11241100x80000000000000001753854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38886996b72428c2022-02-14 08:47:02.210root 11241100x80000000000000001753855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c7ec68b6a7e1dc2022-02-14 08:47:02.210root 11241100x80000000000000001753856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb48cfa351875742022-02-14 08:47:02.210root 11241100x80000000000000001753857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17c3efa5d8e12ee2022-02-14 08:47:02.210root 11241100x80000000000000001753858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cb96b07e03d2792022-02-14 08:47:02.210root 11241100x80000000000000001753859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936030cac509c1d12022-02-14 08:47:02.210root 11241100x80000000000000001753860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282267f7939752282022-02-14 08:47:02.210root 11241100x80000000000000001753861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23de6ee16327b84b2022-02-14 08:47:02.210root 11241100x80000000000000001753862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8325182949bf4872022-02-14 08:47:02.210root 11241100x80000000000000001753863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751e5f8156a46fca2022-02-14 08:47:02.211root 11241100x80000000000000001753864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56deeefd66042ae2022-02-14 08:47:02.211root 11241100x80000000000000001753865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82be2ea82627fd332022-02-14 08:47:02.211root 11241100x80000000000000001753866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa691a393c257dd2022-02-14 08:47:02.211root 11241100x80000000000000001753867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6000368fa5831d952022-02-14 08:47:02.211root 11241100x80000000000000001753868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc85291b3cd16a92022-02-14 08:47:02.211root 11241100x80000000000000001753869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9821393ff74c5b82022-02-14 08:47:02.211root 11241100x80000000000000001753870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bed1bd80ad336842022-02-14 08:47:02.211root 11241100x80000000000000001753871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484606ed4492deb32022-02-14 08:47:02.211root 11241100x80000000000000001753872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3dd7e3c78bbb362022-02-14 08:47:02.211root 11241100x80000000000000001753873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fd5c11129aa73b2022-02-14 08:47:02.211root 11241100x80000000000000001753874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684d9bd3b50993732022-02-14 08:47:02.212root 11241100x80000000000000001753875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f811926b6c431ed82022-02-14 08:47:02.212root 11241100x80000000000000001753876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf90dc37d4e47ed2022-02-14 08:47:02.212root 11241100x80000000000000001753877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0548fdd32b341b942022-02-14 08:47:02.212root 11241100x80000000000000001753878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e576e1625475d7342022-02-14 08:47:02.680root 11241100x80000000000000001753879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e808b760eca4ae2b2022-02-14 08:47:02.681root 11241100x80000000000000001753880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929b1f977c4c2cb72022-02-14 08:47:02.681root 11241100x80000000000000001753881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821990f86f4978bf2022-02-14 08:47:02.681root 11241100x80000000000000001753882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be71137bdd22830c2022-02-14 08:47:02.681root 11241100x80000000000000001753883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d89a060d73678342022-02-14 08:47:02.681root 11241100x80000000000000001753884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a90a8c0ecc70e832022-02-14 08:47:02.681root 11241100x80000000000000001753885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f0b10af5dce6c72022-02-14 08:47:02.681root 11241100x80000000000000001753886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b85463acbfd2f212022-02-14 08:47:02.681root 11241100x80000000000000001753887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb596f509e184482022-02-14 08:47:02.682root 11241100x80000000000000001753888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e04c96307d51d42022-02-14 08:47:02.682root 11241100x80000000000000001753889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197aac9b088643d42022-02-14 08:47:02.682root 11241100x80000000000000001753890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aaeaa00ea6c5a0d2022-02-14 08:47:02.682root 11241100x80000000000000001753891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cec861503af17112022-02-14 08:47:02.682root 11241100x80000000000000001753892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfeec155b8bdb54c2022-02-14 08:47:02.682root 11241100x80000000000000001753893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3674e6f5a6f2481c2022-02-14 08:47:02.682root 11241100x80000000000000001753894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7f266cda10a9e22022-02-14 08:47:02.682root 11241100x80000000000000001753895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b848ff3fadcb44e02022-02-14 08:47:02.682root 11241100x80000000000000001753896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c54b23aba13b512022-02-14 08:47:02.682root 11241100x80000000000000001753897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887d7e9d0cef4e822022-02-14 08:47:02.683root 11241100x80000000000000001753898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708ed8949c2546af2022-02-14 08:47:02.683root 11241100x80000000000000001753899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073ca3b5c97db4da2022-02-14 08:47:02.683root 11241100x80000000000000001753900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce3ff814786fd0c2022-02-14 08:47:02.683root 11241100x80000000000000001753901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af01bbd5f45f56b2022-02-14 08:47:02.683root 11241100x80000000000000001753902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7620d196cbed5f572022-02-14 08:47:02.683root 11241100x80000000000000001753903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa56c664c8c87adf2022-02-14 08:47:02.683root 11241100x80000000000000001753904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da0cfbfe0ccbc592022-02-14 08:47:02.683root 11241100x80000000000000001753905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6ea7b0c5f33f612022-02-14 08:47:02.683root 11241100x80000000000000001753906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330888d65f4410912022-02-14 08:47:02.684root 11241100x80000000000000001753907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b34bcd8bae8e7d2022-02-14 08:47:02.684root 11241100x80000000000000001753908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf9e519b1ab925a2022-02-14 08:47:02.684root 11241100x80000000000000001753909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56238b82a6a68252022-02-14 08:47:02.684root 11241100x80000000000000001753910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fbea4b0bf76a902022-02-14 08:47:02.684root 11241100x80000000000000001753911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7bc58516b96d5c2022-02-14 08:47:02.684root 11241100x80000000000000001753912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00105e756a30bba32022-02-14 08:47:02.684root 11241100x80000000000000001753913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0426a7eb1772922022-02-14 08:47:02.684root 11241100x80000000000000001753914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e0698a6386c07b2022-02-14 08:47:02.685root 11241100x80000000000000001753915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7943777a213b8782022-02-14 08:47:02.685root 11241100x80000000000000001753916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8ce3e72c9e54b22022-02-14 08:47:02.685root 11241100x80000000000000001753917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966c5fd3aa65d02d2022-02-14 08:47:02.685root 11241100x80000000000000001753918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eaea60957225f8f2022-02-14 08:47:02.686root 11241100x80000000000000001753919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce896f7b0fe1b1b2022-02-14 08:47:02.686root 11241100x80000000000000001753920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c72af8911829382022-02-14 08:47:02.686root 11241100x80000000000000001753921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea6f01ec5ab87f12022-02-14 08:47:02.686root 11241100x80000000000000001753922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7dfc833e47fe0732022-02-14 08:47:02.687root 11241100x80000000000000001753923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960c20c3adbfa24e2022-02-14 08:47:02.687root 11241100x80000000000000001753924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b643483574b19302022-02-14 08:47:02.687root 11241100x80000000000000001753925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21c004ff9b052982022-02-14 08:47:02.688root 11241100x80000000000000001753926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf4961de52067e32022-02-14 08:47:02.689root 11241100x80000000000000001753927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4d695e3ce091982022-02-14 08:47:02.689root 11241100x80000000000000001753928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b4223696b9fe652022-02-14 08:47:02.689root 11241100x80000000000000001753929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecee7f97dbca1462022-02-14 08:47:02.690root 11241100x80000000000000001753930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bbb1670ea96c1f2022-02-14 08:47:02.691root 11241100x80000000000000001753931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44cf64b0bd688672022-02-14 08:47:02.691root 11241100x80000000000000001753932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dc942c8d3a27702022-02-14 08:47:02.691root 11241100x80000000000000001753933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a9b6264f0779432022-02-14 08:47:02.692root 11241100x80000000000000001753934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b236163b689d46c2022-02-14 08:47:02.692root 11241100x80000000000000001753935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decaab6d0501cec62022-02-14 08:47:02.692root 11241100x80000000000000001753936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32fae5b7b550a132022-02-14 08:47:02.692root 11241100x80000000000000001753937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f686462065b11ac2022-02-14 08:47:02.692root 11241100x80000000000000001753938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b18f4d69f3aba22022-02-14 08:47:02.692root 11241100x80000000000000001753939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd15b0d868425b42022-02-14 08:47:02.692root 11241100x80000000000000001753940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac5f1facbb28c792022-02-14 08:47:02.692root 11241100x80000000000000001753941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f6de7dba277caf2022-02-14 08:47:02.692root 11241100x80000000000000001753942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe4ab530b93e2712022-02-14 08:47:02.692root 11241100x80000000000000001753943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf273a84595dcad2022-02-14 08:47:02.694root 11241100x80000000000000001753944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561776409c46915c2022-02-14 08:47:02.694root 11241100x80000000000000001753945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae403f61b8c8aba2022-02-14 08:47:02.694root 11241100x80000000000000001753946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d377ac2b684aa472022-02-14 08:47:02.694root 11241100x80000000000000001753947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de59e11d6ffa9b722022-02-14 08:47:02.694root 11241100x80000000000000001753948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2482acc1530b2cd2022-02-14 08:47:02.694root 11241100x80000000000000001753949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91470250866c4e22022-02-14 08:47:02.696root 11241100x80000000000000001753950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cea3df2552beb52022-02-14 08:47:02.696root 11241100x80000000000000001753951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880d225d76cce5622022-02-14 08:47:02.696root 11241100x80000000000000001753952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd58f2555e3037c72022-02-14 08:47:02.696root 11241100x80000000000000001753953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285b384ea88bf8502022-02-14 08:47:02.696root 11241100x80000000000000001753954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34e634adb4b053b2022-02-14 08:47:02.696root 11241100x80000000000000001753955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9fcbe3bb80c8da2022-02-14 08:47:02.697root 11241100x80000000000000001753956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2999a6e3bd5305372022-02-14 08:47:02.697root 11241100x80000000000000001753957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292c390723230bb02022-02-14 08:47:02.697root 11241100x80000000000000001753958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23923c0fe178b42d2022-02-14 08:47:02.698root 11241100x80000000000000001753959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be60d53fe2db6af2022-02-14 08:47:02.698root 11241100x80000000000000001753960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fd56be880eb8942022-02-14 08:47:02.698root 11241100x80000000000000001753961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a052d1627c80562022-02-14 08:47:02.698root 11241100x80000000000000001753962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c186a294468f0742022-02-14 08:47:02.698root 11241100x80000000000000001753963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1a49f0037f35792022-02-14 08:47:02.699root 11241100x80000000000000001753964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f571b4a91e1d3bd2022-02-14 08:47:02.699root 11241100x80000000000000001753965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d851b5d6ddc4262022-02-14 08:47:02.699root 11241100x80000000000000001753966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbebdc8dd5db63e2022-02-14 08:47:02.699root 11241100x80000000000000001753967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b413e441f5b5bb02022-02-14 08:47:02.699root 11241100x80000000000000001753968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99166b42735e03eb2022-02-14 08:47:02.700root 11241100x80000000000000001753969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e917c4abe743372022-02-14 08:47:02.700root 11241100x80000000000000001753970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4807ccaae17118182022-02-14 08:47:02.700root 11241100x80000000000000001753971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb53a275ecd000532022-02-14 08:47:02.700root 11241100x80000000000000001753972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55283b80b4cbb1a2022-02-14 08:47:02.700root 11241100x80000000000000001753973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3507036534eec02022-02-14 08:47:02.703root 11241100x80000000000000001753974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06144276bded8cc2022-02-14 08:47:02.703root 11241100x80000000000000001753975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e647533f674887cc2022-02-14 08:47:02.703root 11241100x80000000000000001753976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f67cc9706d743bc2022-02-14 08:47:02.703root 11241100x80000000000000001753977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a286acac7e3bcaea2022-02-14 08:47:02.703root 11241100x80000000000000001753978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20a0ae0e57c51ec2022-02-14 08:47:02.704root 11241100x80000000000000001753979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c53a133a359f7c22022-02-14 08:47:02.704root 11241100x80000000000000001753980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab07f824dd3e591e2022-02-14 08:47:02.704root 11241100x80000000000000001753981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce00aed0b04664e72022-02-14 08:47:02.704root 11241100x80000000000000001753982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fbeb9c5c20b2072022-02-14 08:47:02.704root 11241100x80000000000000001753983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b7d69abca318832022-02-14 08:47:02.705root 11241100x80000000000000001753984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97723d7888f85792022-02-14 08:47:02.705root 11241100x80000000000000001753985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45939550ca2c783c2022-02-14 08:47:02.705root 11241100x80000000000000001753986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950db0e4a390114e2022-02-14 08:47:02.705root 11241100x80000000000000001753987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbad0e4631958392022-02-14 08:47:02.706root 11241100x80000000000000001753988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205a76b95553a1242022-02-14 08:47:02.706root 11241100x80000000000000001753989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e967b0724e0724002022-02-14 08:47:02.706root 11241100x80000000000000001753990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93f6f5c7c8897152022-02-14 08:47:02.706root 11241100x80000000000000001753991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.707{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe9e35962eb0e1a2022-02-14 08:47:02.707root 11241100x80000000000000001753992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.707{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79230aac69d9d1d12022-02-14 08:47:02.707root 11241100x80000000000000001753993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.707{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b4deaf1b7611212022-02-14 08:47:02.707root 11241100x80000000000000001753994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef26843ce6339b9e2022-02-14 08:47:02.708root 11241100x80000000000000001753995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0676b9624fe6bae32022-02-14 08:47:02.708root 11241100x80000000000000001753996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c284d1fe7e89a22022-02-14 08:47:02.708root 11241100x80000000000000001753997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202ecd7d8a767cb42022-02-14 08:47:02.708root 11241100x80000000000000001753998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc790881f24628782022-02-14 08:47:02.709root 11241100x80000000000000001753999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a0e16429fdbe082022-02-14 08:47:02.709root 11241100x80000000000000001754000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe5ad1e223567032022-02-14 08:47:02.709root 11241100x80000000000000001754001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2960483a58bff8632022-02-14 08:47:02.710root 11241100x80000000000000001754002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3acb7505cdd1f852022-02-14 08:47:02.710root 11241100x80000000000000001754003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597cbe53ab9f1ec12022-02-14 08:47:02.710root 11241100x80000000000000001754004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe77e2a61866d2952022-02-14 08:47:02.710root 11241100x80000000000000001754005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.711{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853eb793ef8a7da12022-02-14 08:47:02.711root 11241100x80000000000000001754006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.712{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ea44d5a134b5352022-02-14 08:47:02.712root 11241100x80000000000000001754007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.712{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7023cc56385a813e2022-02-14 08:47:02.712root 11241100x80000000000000001754008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.712{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ff063f5234a5d82022-02-14 08:47:02.712root 11241100x80000000000000001754009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.712{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e504265a7905fd122022-02-14 08:47:02.712root 11241100x80000000000000001754010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.712{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbacdc878256c5e2022-02-14 08:47:02.712root 11241100x80000000000000001754011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.712{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dd1266407f5cda2022-02-14 08:47:02.712root 11241100x80000000000000001754012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341972fd1d613eca2022-02-14 08:47:02.713root 11241100x80000000000000001754013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5aa92c5661a30132022-02-14 08:47:02.713root 11241100x80000000000000001754014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.714{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40c97e4c3d547652022-02-14 08:47:02.714root 11241100x80000000000000001754015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.714{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717302742495885d2022-02-14 08:47:02.714root 11241100x80000000000000001754016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.714{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcea2a6de091ce02022-02-14 08:47:02.714root 11241100x80000000000000001754017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb1447af579618c2022-02-14 08:47:02.715root 11241100x80000000000000001754018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3260f175d512f8002022-02-14 08:47:02.715root 11241100x80000000000000001754019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.716{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b91cbdf3667a4792022-02-14 08:47:02.716root 11241100x80000000000000001754020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.716{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11e4d0bfa089eca2022-02-14 08:47:02.716root 11241100x80000000000000001754021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.716{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c4deec041568472022-02-14 08:47:02.716root 11241100x80000000000000001754022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.717{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60e49a40fe27dde2022-02-14 08:47:02.717root 11241100x80000000000000001754023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.717{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761e1dbb2077d1b02022-02-14 08:47:02.717root 11241100x80000000000000001754024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.717{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8d041aff4f69b52022-02-14 08:47:02.717root 11241100x80000000000000001754025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.717{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8503ad66f5850de02022-02-14 08:47:02.717root 11241100x80000000000000001754026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e684344e3bfba912022-02-14 08:47:02.719root 11241100x80000000000000001754027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e0b8cc480b866d2022-02-14 08:47:02.719root 11241100x80000000000000001754028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595dfc69b459edd22022-02-14 08:47:02.720root 11241100x80000000000000001754029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e32bd499f60a4b2022-02-14 08:47:02.720root 11241100x80000000000000001754030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6b3603c892b94d2022-02-14 08:47:02.720root 11241100x80000000000000001754031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936fd676ff453ebb2022-02-14 08:47:02.720root 11241100x80000000000000001754032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479e921972f3503f2022-02-14 08:47:02.720root 11241100x80000000000000001754033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742562a70f4f29bb2022-02-14 08:47:02.720root 11241100x80000000000000001754034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa696529f44e0902022-02-14 08:47:02.720root 11241100x80000000000000001754035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02db16f4e18f4fd2022-02-14 08:47:02.721root 11241100x80000000000000001754036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43169f02738b3f2a2022-02-14 08:47:02.721root 11241100x80000000000000001754037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587cb9a7616d806c2022-02-14 08:47:02.721root 11241100x80000000000000001754038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5650d83f8c6ff2612022-02-14 08:47:02.722root 11241100x80000000000000001754039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4219a6e0e4cdaacd2022-02-14 08:47:02.722root 11241100x80000000000000001754040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c285e92fa05c002022-02-14 08:47:02.722root 11241100x80000000000000001754041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7802e5c1453a7f6e2022-02-14 08:47:02.722root 11241100x80000000000000001754042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57a437528a0d0382022-02-14 08:47:02.723root 11241100x80000000000000001754043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7628c5d2ebfad2922022-02-14 08:47:02.723root 11241100x80000000000000001754044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7543b817c3ab1aa42022-02-14 08:47:02.723root 11241100x80000000000000001754045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33dc6c0a2db0a912022-02-14 08:47:02.723root 11241100x80000000000000001754046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b743790e4c975292022-02-14 08:47:02.723root 11241100x80000000000000001754047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d23d47e0ee649f2022-02-14 08:47:02.724root 11241100x80000000000000001754048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0d4e03b73b57b92022-02-14 08:47:02.724root 11241100x80000000000000001754049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672492dca87d73ac2022-02-14 08:47:02.724root 11241100x80000000000000001754050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f63582fc4d34d702022-02-14 08:47:02.724root 11241100x80000000000000001754051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd69f0b2c01fd1dd2022-02-14 08:47:02.725root 11241100x80000000000000001754052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd226be1a3eea6322022-02-14 08:47:02.725root 11241100x80000000000000001754053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92ae644426754562022-02-14 08:47:02.725root 11241100x80000000000000001754054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c6c2a29adb2e3f2022-02-14 08:47:02.726root 11241100x80000000000000001754055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac6b52f245cbf142022-02-14 08:47:02.726root 11241100x80000000000000001754056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e99e21eb1a3d8ae2022-02-14 08:47:02.726root 11241100x80000000000000001754057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0458f247155fafd2022-02-14 08:47:02.726root 11241100x80000000000000001754058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc7eb7425575cb22022-02-14 08:47:02.727root 11241100x80000000000000001754059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97bd730fff160c12022-02-14 08:47:02.727root 11241100x80000000000000001754060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64e2688713742c12022-02-14 08:47:02.727root 11241100x80000000000000001754061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7e9b2b3acaf1982022-02-14 08:47:02.727root 11241100x80000000000000001754062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b175a0b323de26cd2022-02-14 08:47:02.728root 11241100x80000000000000001754063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa0d4731be859cc2022-02-14 08:47:02.729root 11241100x80000000000000001754064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9114281a903cfc2022-02-14 08:47:02.729root 11241100x80000000000000001754065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec23c56d1049f2ac2022-02-14 08:47:02.729root 11241100x80000000000000001754066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce127a720fc46562022-02-14 08:47:02.729root 11241100x80000000000000001754067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e299ae6ffca3622022-02-14 08:47:02.730root 11241100x80000000000000001754068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8a6f7026440bfd2022-02-14 08:47:02.730root 11241100x80000000000000001754069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af23d08024f282072022-02-14 08:47:02.730root 11241100x80000000000000001754070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea8571039a40bca2022-02-14 08:47:02.730root 11241100x80000000000000001754071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb8a40e11226acb2022-02-14 08:47:02.731root 11241100x80000000000000001754072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78981fb5e73fee02022-02-14 08:47:02.732root 11241100x80000000000000001754073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465fba12055be9c42022-02-14 08:47:02.732root 11241100x80000000000000001754074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644ec167e8829f0e2022-02-14 08:47:02.732root 11241100x80000000000000001754075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e114c13cfc141d792022-02-14 08:47:02.732root 11241100x80000000000000001754076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e4ea78186308002022-02-14 08:47:02.732root 11241100x80000000000000001754077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bedc82a0c3f3d12022-02-14 08:47:02.733root 11241100x80000000000000001754078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2ed3ba2407a4ce2022-02-14 08:47:02.733root 11241100x80000000000000001754079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53226e9ad7aa84d2022-02-14 08:47:02.733root 11241100x80000000000000001754080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774598c538aaf84b2022-02-14 08:47:02.734root 11241100x80000000000000001754081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864939184abfdcd32022-02-14 08:47:02.734root 11241100x80000000000000001754082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3b5dd30a32c4aa2022-02-14 08:47:02.735root 11241100x80000000000000001754083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11317e1a9345bba72022-02-14 08:47:02.735root 11241100x80000000000000001754084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413548cc4e31b9142022-02-14 08:47:02.735root 11241100x80000000000000001754085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1710c8177bca112022-02-14 08:47:02.736root 11241100x80000000000000001754086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1dc8754b3ed5882022-02-14 08:47:02.736root 11241100x80000000000000001754087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772e2c4b47c211e92022-02-14 08:47:02.736root 11241100x80000000000000001754088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba0cf45a40589d82022-02-14 08:47:02.736root 11241100x80000000000000001754089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f2d958ee5e47d32022-02-14 08:47:02.736root 11241100x80000000000000001754090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.737{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb989e5e878967182022-02-14 08:47:02.737root 11241100x80000000000000001754091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.737{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c56d336747a43f2022-02-14 08:47:02.737root 11241100x80000000000000001754092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09594acbff61d7ad2022-02-14 08:47:02.738root 11241100x80000000000000001754093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4ee636c5cc9a0e2022-02-14 08:47:02.738root 11241100x80000000000000001754094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c252c30a2428072022-02-14 08:47:02.738root 11241100x80000000000000001754095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdec5e493a1fa392022-02-14 08:47:02.739root 11241100x80000000000000001754096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff012abc8b21ed02022-02-14 08:47:02.739root 11241100x80000000000000001754097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0de3768499e3b42022-02-14 08:47:02.739root 11241100x80000000000000001754098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842b71d8614c81952022-02-14 08:47:02.739root 11241100x80000000000000001754099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d32ea3044ac3d162022-02-14 08:47:02.740root 11241100x80000000000000001754100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d0442195fce0e62022-02-14 08:47:02.740root 11241100x80000000000000001754101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bc82718538d6a02022-02-14 08:47:02.740root 11241100x80000000000000001754102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86cbf886a1f23c862022-02-14 08:47:02.740root 11241100x80000000000000001754103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570bc7e078c2e8592022-02-14 08:47:02.741root 11241100x80000000000000001754104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab4328f39243faa2022-02-14 08:47:02.741root 11241100x80000000000000001754105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.741{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b551d63cd4787da62022-02-14 08:47:02.741root 11241100x80000000000000001754106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da602c153a6073c2022-02-14 08:47:02.742root 11241100x80000000000000001754107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b03d76b2af227e2022-02-14 08:47:02.742root 11241100x80000000000000001754108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba340f183a84992a2022-02-14 08:47:02.742root 11241100x80000000000000001754109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.744{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197c27e38b64e65d2022-02-14 08:47:02.744root 11241100x80000000000000001754110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbd7e7dcea7619e2022-02-14 08:47:02.745root 11241100x80000000000000001754111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654ee6abf8beb3c12022-02-14 08:47:02.745root 11241100x80000000000000001754112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f0f8f8cbab0f972022-02-14 08:47:02.745root 11241100x80000000000000001754113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35e3d0e659ed6f12022-02-14 08:47:02.746root 11241100x80000000000000001754114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09df99e87fba2ff2022-02-14 08:47:02.746root 11241100x80000000000000001754115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8c335eb7f5905c2022-02-14 08:47:02.746root 11241100x80000000000000001754116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f4ee3ea9496fd82022-02-14 08:47:02.746root 11241100x80000000000000001754117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3f55980623db8a2022-02-14 08:47:02.746root 11241100x80000000000000001754118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2100ed0fbafb8b702022-02-14 08:47:02.746root 11241100x80000000000000001754119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d9961b281da0972022-02-14 08:47:02.746root 11241100x80000000000000001754120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5e9352d892372c2022-02-14 08:47:02.746root 11241100x80000000000000001754121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aded3cc8600141ae2022-02-14 08:47:02.746root 11241100x80000000000000001754122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c063198b11df206c2022-02-14 08:47:02.748root 11241100x80000000000000001754123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c802b4ab48bc77222022-02-14 08:47:02.748root 11241100x80000000000000001754124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37adac8b731eb1662022-02-14 08:47:02.748root 11241100x80000000000000001754125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9813bd7714212262022-02-14 08:47:02.748root 11241100x80000000000000001754126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577300e523d6d1b52022-02-14 08:47:02.749root 11241100x80000000000000001754127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1558c6c3aa7621d92022-02-14 08:47:02.749root 11241100x80000000000000001754128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.750{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddad4013b9738aa2022-02-14 08:47:02.750root 11241100x80000000000000001754129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.751{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673f9c72030540bf2022-02-14 08:47:02.751root 11241100x80000000000000001754130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.751{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dad5d52c2d3fa672022-02-14 08:47:02.751root 11241100x80000000000000001754131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce4248ead00e1192022-02-14 08:47:02.752root 11241100x80000000000000001754132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c47da973b9fe7ec2022-02-14 08:47:02.752root 11241100x80000000000000001754133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2229c7a9c6b1ab2022-02-14 08:47:02.752root 11241100x80000000000000001754134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.752{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fc6cf0a961c62a2022-02-14 08:47:02.752root 11241100x80000000000000001754135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.753{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d75b388327556bd2022-02-14 08:47:02.753root 11241100x80000000000000001754136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.753{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3726762f826acfa2022-02-14 08:47:02.753root 11241100x80000000000000001754137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.754{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3057ffb5070e292022-02-14 08:47:02.754root 11241100x80000000000000001754138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.754{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b309c2f767a352f72022-02-14 08:47:02.754root 11241100x80000000000000001754139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.754{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdd89224736f1282022-02-14 08:47:02.754root 11241100x80000000000000001754140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.755{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b001f9daa2c262732022-02-14 08:47:02.755root 11241100x80000000000000001754141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.755{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04c6d29ff08b0782022-02-14 08:47:02.755root 11241100x80000000000000001754142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.755{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fc96481c051fb82022-02-14 08:47:02.755root 11241100x80000000000000001754143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.756{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9655e8b278c310992022-02-14 08:47:02.756root 11241100x80000000000000001754144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.756{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65525a9c22b16aa2022-02-14 08:47:02.756root 11241100x80000000000000001754145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.756{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f7689b29d85a5e2022-02-14 08:47:02.756root 11241100x80000000000000001754146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.757{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dce95a08af8a9c02022-02-14 08:47:02.757root 11241100x80000000000000001754147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.757{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cc58f3cea001092022-02-14 08:47:02.757root 11241100x80000000000000001754148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.758{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24a838c50bcef222022-02-14 08:47:02.758root 11241100x80000000000000001754149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.758{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1fdc31f4d09c6e2022-02-14 08:47:02.758root 11241100x80000000000000001754150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.758{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b3dab5464453762022-02-14 08:47:02.758root 11241100x80000000000000001754151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.759{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7cf47e698756442022-02-14 08:47:02.759root 11241100x80000000000000001754152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.760{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee2242d42321d702022-02-14 08:47:02.760root 11241100x80000000000000001754153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.760{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b366a5f41259dfaf2022-02-14 08:47:02.760root 11241100x80000000000000001754154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.760{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42139b4c73f581a72022-02-14 08:47:02.760root 11241100x80000000000000001754155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.760{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4bdc619051a59e2022-02-14 08:47:02.760root 11241100x80000000000000001754156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.761{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6175afeb05f45b2022-02-14 08:47:02.761root 11241100x80000000000000001754157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.761{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7293e7aaa7ca03992022-02-14 08:47:02.761root 11241100x80000000000000001754158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.761{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54f23b0e9453ee42022-02-14 08:47:02.761root 11241100x80000000000000001754159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.762{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02f84ea83c28ea52022-02-14 08:47:02.762root 11241100x80000000000000001754160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.762{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3731767be6b96f7b2022-02-14 08:47:02.762root 11241100x80000000000000001754161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.762{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe062e72e62bf172022-02-14 08:47:02.762root 11241100x80000000000000001754162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.762{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcab28d460d77b32022-02-14 08:47:02.762root 11241100x80000000000000001754163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.762{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd9e21386b23c092022-02-14 08:47:02.762root 11241100x80000000000000001754164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.763{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21dc8190ba75aaad2022-02-14 08:47:02.763root 11241100x80000000000000001754165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.763{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e1fe196b944ee32022-02-14 08:47:02.763root 11241100x80000000000000001754166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.763{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edfc329c439824c2022-02-14 08:47:02.763root 11241100x80000000000000001754167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.763{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a6b765a92434de2022-02-14 08:47:02.763root 11241100x80000000000000001754168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.764{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93534a42e237e8d22022-02-14 08:47:02.764root 11241100x80000000000000001754169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.764{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e23b56a36519b212022-02-14 08:47:02.764root 11241100x80000000000000001754170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.764{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a843ec284857de2022-02-14 08:47:02.764root 11241100x80000000000000001754171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.765{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da6885e6c85d8052022-02-14 08:47:02.765root 11241100x80000000000000001754172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.765{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6f63671998c6b72022-02-14 08:47:02.765root 11241100x80000000000000001754173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.766{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e589c15354c5242022-02-14 08:47:02.766root 11241100x80000000000000001754174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.766{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811f7a1d4b57894d2022-02-14 08:47:02.766root 11241100x80000000000000001754175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.767{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6869aa31f1ca7202022-02-14 08:47:02.767root 11241100x80000000000000001754176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.767{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f149b36d8ec1e92022-02-14 08:47:02.767root 11241100x80000000000000001754177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.767{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e085bf1c3054c9bc2022-02-14 08:47:02.767root 11241100x80000000000000001754178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.767{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978aa3763036aff92022-02-14 08:47:02.767root 11241100x80000000000000001754179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.767{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0132ebd3777cce42022-02-14 08:47:02.767root 11241100x80000000000000001754180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.767{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e545a9b298628292022-02-14 08:47:02.767root 11241100x80000000000000001754181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.768{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f485424aac3c26d22022-02-14 08:47:02.768root 11241100x80000000000000001754182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.768{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0dd4ad55594255f2022-02-14 08:47:02.768root 11241100x80000000000000001754183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.768{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cd81174e981e112022-02-14 08:47:02.768root 11241100x80000000000000001754184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.768{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23299f88a3e713552022-02-14 08:47:02.768root 11241100x80000000000000001754185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.769{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcfd3ac8c283f922022-02-14 08:47:02.769root 11241100x80000000000000001754186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.769{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449ff53acfbc116f2022-02-14 08:47:02.769root 11241100x80000000000000001754187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.769{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90c030ee5c732d22022-02-14 08:47:02.769root 11241100x80000000000000001754188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.769{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0d39f53fad2ed42022-02-14 08:47:02.769root 11241100x80000000000000001754189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.770{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce90fd2787b2082a2022-02-14 08:47:02.770root 11241100x80000000000000001754190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.770{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1344affbcdeefbe2022-02-14 08:47:02.770root 11241100x80000000000000001754191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.770{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de96ba4114f267e2022-02-14 08:47:02.770root 11241100x80000000000000001754192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.770{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d729bfaeb889a1672022-02-14 08:47:02.770root 11241100x80000000000000001754193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.770{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc87d71b295f083f2022-02-14 08:47:02.770root 11241100x80000000000000001754194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.770{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2eeb7e41fd9c3502022-02-14 08:47:02.770root 11241100x80000000000000001754195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.771{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba29c93c618fae9a2022-02-14 08:47:02.771root 11241100x80000000000000001754196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.771{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549cf2b7b45668bb2022-02-14 08:47:02.771root 11241100x80000000000000001754197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.771{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716fa1ca45d7f3c22022-02-14 08:47:02.771root 11241100x80000000000000001754198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.771{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe168341dd8c530c2022-02-14 08:47:02.771root 11241100x80000000000000001754199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.771{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afe2461f4fdc34a2022-02-14 08:47:02.771root 11241100x80000000000000001754200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.772{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c85142dc04f959d2022-02-14 08:47:02.772root 11241100x80000000000000001754201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.772{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c33db2d38cdc13f2022-02-14 08:47:02.772root 11241100x80000000000000001754202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.772{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97985a27fcce4ad42022-02-14 08:47:02.772root 11241100x80000000000000001754203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.772{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850d68f9728b73392022-02-14 08:47:02.772root 11241100x80000000000000001754204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.772{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326e98928e3c4b532022-02-14 08:47:02.772root 11241100x80000000000000001754205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.775{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d734105f290a112022-02-14 08:47:02.775root 11241100x80000000000000001754206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.776{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200fdefc268cd8db2022-02-14 08:47:02.776root 11241100x80000000000000001754207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.776{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2569d395e9a7a1d2022-02-14 08:47:02.776root 11241100x80000000000000001754208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.776{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d59f7b15872d4c72022-02-14 08:47:02.776root 11241100x80000000000000001754209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.777{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b9fb5ae6c93a3d2022-02-14 08:47:02.777root 11241100x80000000000000001754210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.777{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb9a1f9764c20672022-02-14 08:47:02.777root 11241100x80000000000000001754211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.778{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51943d15bc5b1a32022-02-14 08:47:02.778root 11241100x80000000000000001754212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.779{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ce3b2076daaf852022-02-14 08:47:02.779root 11241100x80000000000000001754213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.779{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b763c11c6f19bb22022-02-14 08:47:02.779root 11241100x80000000000000001754214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.780{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f144912a2557d892022-02-14 08:47:02.780root 11241100x80000000000000001754215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.780{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b25f2e23624dcbd2022-02-14 08:47:02.780root 11241100x80000000000000001754216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.780{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b9d6567427e57a2022-02-14 08:47:02.780root 11241100x80000000000000001754217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.780{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09984e9c44308572022-02-14 08:47:02.780root 11241100x80000000000000001754218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.781{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053ceae86777136f2022-02-14 08:47:02.781root 11241100x80000000000000001754219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.781{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2860a4c4db63e22022-02-14 08:47:02.781root 11241100x80000000000000001754220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.781{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4566aa5eb7c1a0e2022-02-14 08:47:02.781root 11241100x80000000000000001754221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.782{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3bbeab154f08b92022-02-14 08:47:02.782root 11241100x80000000000000001754222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.782{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4332f4dc0fb115b02022-02-14 08:47:02.782root 11241100x80000000000000001754223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.782{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ab56b96b185d3b2022-02-14 08:47:02.782root 11241100x80000000000000001754224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.782{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6f37e753f6f9832022-02-14 08:47:02.782root 11241100x80000000000000001754225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.782{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7381c7b02e67e0ca2022-02-14 08:47:02.782root 11241100x80000000000000001754226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.783{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ce55cc57fc62e92022-02-14 08:47:02.783root 11241100x80000000000000001754227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.783{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab702611fef6af2b2022-02-14 08:47:02.783root 11241100x80000000000000001754228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.783{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5d07ce616c25742022-02-14 08:47:02.783root 11241100x80000000000000001754229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.783{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b521ec2d5ea1f82022-02-14 08:47:02.783root 11241100x80000000000000001754230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.784{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a12065b4d88b9cd2022-02-14 08:47:02.784root 11241100x80000000000000001754231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.784{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1257599257a08cb2022-02-14 08:47:02.784root 11241100x80000000000000001754232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.784{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5751cc16b959052022-02-14 08:47:02.784root 11241100x80000000000000001754233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.784{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7aef4303988bfb2022-02-14 08:47:02.784root 11241100x80000000000000001754234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.784{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ad4e644f5a10402022-02-14 08:47:02.784root 11241100x80000000000000001754235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.785{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03812f2eb324578b2022-02-14 08:47:02.785root 11241100x80000000000000001754236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.785{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71176cbc89b254de2022-02-14 08:47:02.785root 11241100x80000000000000001754237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.785{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a947830288e46e8a2022-02-14 08:47:02.785root 11241100x80000000000000001754238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.786{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cb052f394bba342022-02-14 08:47:02.786root 11241100x80000000000000001754239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.786{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b15d0421a6809492022-02-14 08:47:02.786root 11241100x80000000000000001754240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.786{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facd22a1119888092022-02-14 08:47:02.786root 11241100x80000000000000001754241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.786{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14fe18bb8d27d102022-02-14 08:47:02.786root 11241100x80000000000000001754242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.786{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a905123bdd1483ae2022-02-14 08:47:02.786root 11241100x80000000000000001754243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.787{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47913c36fb0c05a72022-02-14 08:47:02.787root 11241100x80000000000000001754244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.787{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fa9bf945e736ac2022-02-14 08:47:02.787root 11241100x80000000000000001754245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.787{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1f6fc31ed061302022-02-14 08:47:02.787root 11241100x80000000000000001754246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.787{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d2d065cdb51ff72022-02-14 08:47:02.787root 11241100x80000000000000001754247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.787{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0ad2fbe0f968c22022-02-14 08:47:02.787root 11241100x80000000000000001754248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7877e2fdb5ee18932022-02-14 08:47:02.788root 11241100x80000000000000001754249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249f87f0dbbce15e2022-02-14 08:47:02.788root 11241100x80000000000000001754250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee33b1cedc8a69f2022-02-14 08:47:02.788root 11241100x80000000000000001754251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.789{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb82e0fa8a8497b2022-02-14 08:47:02.789root 11241100x80000000000000001754252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.789{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a3cb9d32a9eda92022-02-14 08:47:02.789root 11241100x80000000000000001754253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.789{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a1fa01524101972022-02-14 08:47:02.789root 11241100x80000000000000001754254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.790{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617da71d572a591c2022-02-14 08:47:02.790root 11241100x80000000000000001754255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.790{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499115fd507d53892022-02-14 08:47:02.790root 11241100x80000000000000001754256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.791{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53eb34fbab56c242022-02-14 08:47:02.791root 11241100x80000000000000001754257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.791{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df523969829a8a1d2022-02-14 08:47:02.791root 11241100x80000000000000001754258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.791{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5c16b19b699e722022-02-14 08:47:02.791root 11241100x80000000000000001754259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.791{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccdc6e56c2c6d002022-02-14 08:47:02.791root 11241100x80000000000000001754260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.792{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f9255ba4b6878e2022-02-14 08:47:02.792root 11241100x80000000000000001754261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.792{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d504206d2c2f43892022-02-14 08:47:02.792root 11241100x80000000000000001754262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.792{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c6c9f2ecbc50922022-02-14 08:47:02.792root 11241100x80000000000000001754263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.793{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c095697723dc82e2022-02-14 08:47:02.793root 11241100x80000000000000001754264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.793{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6eec1131bc6a472022-02-14 08:47:02.793root 11241100x80000000000000001754265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.793{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5466d07ece4f89932022-02-14 08:47:02.793root 11241100x80000000000000001754266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.794{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9acf81523f2bfd2022-02-14 08:47:02.794root 11241100x80000000000000001754267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.794{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73603f7dafad1a922022-02-14 08:47:02.794root 11241100x80000000000000001754268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.794{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357f2508e3828abb2022-02-14 08:47:02.794root 11241100x80000000000000001754269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.794{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b46870151cafc82022-02-14 08:47:02.794root 11241100x80000000000000001754270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.794{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a222a803aa92eda2022-02-14 08:47:02.794root 11241100x80000000000000001754271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.795{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56ddcf3d76ff4da2022-02-14 08:47:02.795root 11241100x80000000000000001754272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.795{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c191b143caa845a2022-02-14 08:47:02.795root 11241100x80000000000000001754273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.795{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a1e297ed2fd3992022-02-14 08:47:02.795root 11241100x80000000000000001754274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.795{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70b4998fb447f012022-02-14 08:47:02.795root 11241100x80000000000000001754275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.795{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040fcd8b1db0642d2022-02-14 08:47:02.795root 11241100x80000000000000001754276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.796{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe158e5419bb9822022-02-14 08:47:02.796root 11241100x80000000000000001754277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.796{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0040848a7f4370082022-02-14 08:47:02.796root 11241100x80000000000000001754278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.796{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d7c0b56f69ad472022-02-14 08:47:02.796root 11241100x80000000000000001754279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.796{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e94742b4e2a2d3c2022-02-14 08:47:02.796root 11241100x80000000000000001754280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.796{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b85045683b510262022-02-14 08:47:02.796root 11241100x80000000000000001754281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.797{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ebf68ff25ecead2022-02-14 08:47:02.797root 11241100x80000000000000001754282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.797{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3487175cec929e132022-02-14 08:47:02.797root 11241100x80000000000000001754283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.797{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4164b520105f3a8f2022-02-14 08:47:02.797root 11241100x80000000000000001754284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.797{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d911b9e783244e2022-02-14 08:47:02.797root 11241100x80000000000000001754285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.797{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b33673c791506b2022-02-14 08:47:02.797root 11241100x80000000000000001754286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.797{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8155c616b57227b42022-02-14 08:47:02.797root 11241100x80000000000000001754287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.797{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe53b15210f4f6fb2022-02-14 08:47:02.797root 11241100x80000000000000001754288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.798{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022127e89b617cda2022-02-14 08:47:02.798root 11241100x80000000000000001754289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.798{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bf1468324e1c592022-02-14 08:47:02.798root 11241100x80000000000000001754290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.798{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41818e91069f0b0c2022-02-14 08:47:02.798root 11241100x80000000000000001754291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.798{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d064e222d823f4752022-02-14 08:47:02.798root 11241100x80000000000000001754292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.798{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e7815fa0e4d6452022-02-14 08:47:02.798root 11241100x80000000000000001754293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.798{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacfbe10b60525f32022-02-14 08:47:02.798root 11241100x80000000000000001754294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.798{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836da7293639db542022-02-14 08:47:02.798root 11241100x80000000000000001754295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.798{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff2151d766e78e22022-02-14 08:47:02.798root 11241100x80000000000000001754296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.798{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3935a6a921826512022-02-14 08:47:02.798root 11241100x80000000000000001754297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.798{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3e78b0e20589862022-02-14 08:47:02.798root 11241100x80000000000000001754298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.799{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b756d5abd1964e52022-02-14 08:47:02.799root 11241100x80000000000000001754299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.799{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4646db149c833c2022-02-14 08:47:02.799root 11241100x80000000000000001754300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.799{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50f7e910b8188a42022-02-14 08:47:02.799root 11241100x80000000000000001754301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.799{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a35533ef3443312022-02-14 08:47:02.799root 11241100x80000000000000001754302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.799{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd24819b55fc87a72022-02-14 08:47:02.799root 11241100x80000000000000001754303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.799{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1139b0fe1166a5c2022-02-14 08:47:02.799root 11241100x80000000000000001754304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.799{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d8142b6073faf52022-02-14 08:47:02.799root 11241100x80000000000000001754305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.799{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0243526b4c985722022-02-14 08:47:02.799root 11241100x80000000000000001754306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.799{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742a7832c914ece82022-02-14 08:47:02.799root 11241100x80000000000000001754307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.799{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1887dfb8fa1ecab2022-02-14 08:47:02.799root 11241100x80000000000000001754308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e8c1c48e1de8242022-02-14 08:47:02.800root 11241100x80000000000000001754309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c9aeffbefc24442022-02-14 08:47:02.800root 11241100x80000000000000001754310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdea2a74200840ca2022-02-14 08:47:02.800root 11241100x80000000000000001754311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91d9e9d0d74bd712022-02-14 08:47:02.800root 11241100x80000000000000001754312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf700d28d867e4e2022-02-14 08:47:02.800root 11241100x80000000000000001754313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef9e22cf9734c912022-02-14 08:47:02.800root 11241100x80000000000000001754314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5796713ef99226272022-02-14 08:47:02.800root 11241100x80000000000000001754315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff28807ef996cb6d2022-02-14 08:47:02.800root 11241100x80000000000000001754316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d2681debb813722022-02-14 08:47:02.800root 11241100x80000000000000001754317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b61bbb8fe0ba512022-02-14 08:47:02.800root 11241100x80000000000000001754318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34b34720bbbda922022-02-14 08:47:02.800root 11241100x80000000000000001754319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a3062519d6796d2022-02-14 08:47:02.801root 11241100x80000000000000001754320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449b22276bdd4ffe2022-02-14 08:47:02.801root 11241100x80000000000000001754321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ab3ac43eba35b82022-02-14 08:47:02.801root 11241100x80000000000000001754322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7269f3c51c02b8042022-02-14 08:47:02.801root 11241100x80000000000000001754323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0679d5272ebe90052022-02-14 08:47:02.801root 11241100x80000000000000001754324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e24353da36fac1a2022-02-14 08:47:02.801root 11241100x80000000000000001754325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842e7d282b016f322022-02-14 08:47:02.801root 11241100x80000000000000001754326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0887599a661d65ca2022-02-14 08:47:02.801root 11241100x80000000000000001754327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddf9a964ee09b402022-02-14 08:47:02.802root 11241100x80000000000000001754328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba70e30296902512022-02-14 08:47:02.802root 11241100x80000000000000001754329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646e68e0709716a62022-02-14 08:47:02.802root 11241100x80000000000000001754330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4532261482a82fbe2022-02-14 08:47:02.802root 11241100x80000000000000001754331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc447658c29e1062022-02-14 08:47:02.802root 11241100x80000000000000001754332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc75e0804058d232022-02-14 08:47:02.802root 11241100x80000000000000001754333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c4feea00c209772022-02-14 08:47:02.803root 11241100x80000000000000001754334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1feb52cf5956ca2022-02-14 08:47:02.803root 11241100x80000000000000001754335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844e8e92112e0a922022-02-14 08:47:02.803root 11241100x80000000000000001754336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d650134d808af72022-02-14 08:47:02.803root 11241100x80000000000000001754337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d247d5e2f7a00282022-02-14 08:47:02.803root 11241100x80000000000000001754338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c39c4fac216be52022-02-14 08:47:02.803root 11241100x80000000000000001754339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4a81c54d9fa89f2022-02-14 08:47:02.803root 11241100x80000000000000001754340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.804{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9add6e1e31b1e62022-02-14 08:47:02.804root 11241100x80000000000000001754341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.804{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2013ab77415c9e012022-02-14 08:47:02.804root 11241100x80000000000000001754342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.804{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726fb84b620898f42022-02-14 08:47:02.804root 11241100x80000000000000001754343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.804{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09df69e320069bad2022-02-14 08:47:02.804root 11241100x80000000000000001754344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.804{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109b94570a836c2d2022-02-14 08:47:02.804root 11241100x80000000000000001754345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.804{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57de959709160fbd2022-02-14 08:47:02.804root 11241100x80000000000000001754346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.804{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca61b78a604eddf2022-02-14 08:47:02.804root 11241100x80000000000000001754347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.804{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da3ebede6ffa8132022-02-14 08:47:02.804root 11241100x80000000000000001754348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.804{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca5a5f66d23c4262022-02-14 08:47:02.804root 11241100x80000000000000001754349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.805{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99040ccbab9eb222022-02-14 08:47:02.805root 11241100x80000000000000001754350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.805{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ab8058b0d5269f2022-02-14 08:47:02.805root 11241100x80000000000000001754351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.805{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb55fd6761dc94d2022-02-14 08:47:02.805root 11241100x80000000000000001754352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.805{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cf77eb5839497d2022-02-14 08:47:02.805root 11241100x80000000000000001754353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.806{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3778b9c06d37a0962022-02-14 08:47:02.806root 11241100x80000000000000001754354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.806{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8547d306df607052022-02-14 08:47:02.806root 11241100x80000000000000001754355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.806{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4d3fa72b0d29b02022-02-14 08:47:02.806root 11241100x80000000000000001754356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.807{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c26e2c28f78e6232022-02-14 08:47:02.807root 11241100x80000000000000001754357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.807{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e83c16f0816cecc2022-02-14 08:47:02.807root 11241100x80000000000000001754358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.807{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca84e20f30c4ab0a2022-02-14 08:47:02.807root 11241100x80000000000000001754359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbf2198b8d64c672022-02-14 08:47:02.808root 11241100x80000000000000001754360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9edda55e6952b42022-02-14 08:47:02.808root 11241100x80000000000000001754361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4872a657bd87a02022-02-14 08:47:02.808root 11241100x80000000000000001754362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a256f0047817d32022-02-14 08:47:02.808root 11241100x80000000000000001754363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80beb5e54bf0f202022-02-14 08:47:02.808root 11241100x80000000000000001754364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6c32d5ffd7ac132022-02-14 08:47:02.808root 11241100x80000000000000001754365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0561cbb315e8a42022-02-14 08:47:02.808root 11241100x80000000000000001754366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6386ac56aaa7462022-02-14 08:47:02.808root 11241100x80000000000000001754367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de847ba1c2540b62022-02-14 08:47:02.808root 11241100x80000000000000001754368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868d5e1db260900f2022-02-14 08:47:02.809root 11241100x80000000000000001754369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a80227bc2982fa32022-02-14 08:47:02.809root 11241100x80000000000000001754370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54953e770a530202022-02-14 08:47:02.809root 11241100x80000000000000001754371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c67f60f85667f182022-02-14 08:47:02.809root 11241100x80000000000000001754372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cd96db97da32642022-02-14 08:47:02.809root 11241100x80000000000000001754373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10152da9e985ac622022-02-14 08:47:02.809root 11241100x80000000000000001754374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e753cc200675c32022-02-14 08:47:02.809root 11241100x80000000000000001754375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.810{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a3581b4aa2afba2022-02-14 08:47:02.810root 11241100x80000000000000001754376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.810{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8015fe269015220d2022-02-14 08:47:02.810root 11241100x80000000000000001754377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.810{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a218960eabee482022-02-14 08:47:02.810root 11241100x80000000000000001754378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.810{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f06614e310112912022-02-14 08:47:02.810root 11241100x80000000000000001754379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.810{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d212ac98d18f5e2022-02-14 08:47:02.810root 11241100x80000000000000001754380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.810{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d004f56522ebdf02022-02-14 08:47:02.810root 11241100x80000000000000001754381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.810{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260da4ffd51fa39e2022-02-14 08:47:02.810root 11241100x80000000000000001754382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.810{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850b188650133bc12022-02-14 08:47:02.810root 11241100x80000000000000001754383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac26371200f6019d2022-02-14 08:47:02.811root 11241100x80000000000000001754384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3300be091e6cd2a12022-02-14 08:47:02.811root 11241100x80000000000000001754385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faae841d3908348a2022-02-14 08:47:02.811root 11241100x80000000000000001754386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00f15e0bcca596a2022-02-14 08:47:02.811root 11241100x80000000000000001754387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96888a2b9d12f3ae2022-02-14 08:47:02.811root 11241100x80000000000000001754388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b87f08e2c1ef0842022-02-14 08:47:02.811root 11241100x80000000000000001754389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b1038d0fd4ea8a2022-02-14 08:47:02.812root 11241100x80000000000000001754390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2481195bbfb4e82d2022-02-14 08:47:02.813root 11241100x80000000000000001754391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafc19316289e9742022-02-14 08:47:02.813root 11241100x80000000000000001754392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb879ed8b67dd2482022-02-14 08:47:02.813root 11241100x80000000000000001754393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd23a830f2a4c24e2022-02-14 08:47:02.813root 11241100x80000000000000001754394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a607b210fceee37f2022-02-14 08:47:02.813root 11241100x80000000000000001754395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a10c9efd04b65bc2022-02-14 08:47:02.813root 11241100x80000000000000001754396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270e4b165be67e2f2022-02-14 08:47:02.813root 11241100x80000000000000001754397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b98c07711735a22022-02-14 08:47:02.813root 11241100x80000000000000001754398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7d6a3b537be45b2022-02-14 08:47:02.813root 11241100x80000000000000001754399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f08e25fef6cbfe2022-02-14 08:47:02.813root 11241100x80000000000000001754400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cffddf1b3ea9772022-02-14 08:47:02.814root 11241100x80000000000000001754401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa6085140f228b42022-02-14 08:47:02.814root 11241100x80000000000000001754402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7053154fa642b002022-02-14 08:47:02.814root 11241100x80000000000000001754403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c3bc8c9365a8df2022-02-14 08:47:02.814root 11241100x80000000000000001754404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b209ed5abd85702022-02-14 08:47:02.814root 11241100x80000000000000001754405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2654e4074b2257072022-02-14 08:47:02.814root 11241100x80000000000000001754406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061d006dc74cf7922022-02-14 08:47:02.814root 11241100x80000000000000001754407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0010753eb8de427e2022-02-14 08:47:02.814root 11241100x80000000000000001754408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccaa723d0b3ee182022-02-14 08:47:02.814root 11241100x80000000000000001754409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43792a3113dea872022-02-14 08:47:02.814root 11241100x80000000000000001754410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1645ecdf9299cfa02022-02-14 08:47:02.815root 11241100x80000000000000001754411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6278e3194be89b92022-02-14 08:47:02.815root 11241100x80000000000000001754412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6146ffcc23035632022-02-14 08:47:02.815root 11241100x80000000000000001754413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a99a7c43634ad7c2022-02-14 08:47:02.815root 11241100x80000000000000001754414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c4dea7cba1ee612022-02-14 08:47:02.815root 11241100x80000000000000001754415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba25527ff59a46f12022-02-14 08:47:02.815root 11241100x80000000000000001754416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a2adfa0e67cc082022-02-14 08:47:02.815root 11241100x80000000000000001754417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d6e405aa2a4f632022-02-14 08:47:02.815root 11241100x80000000000000001754418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a384dea92f70702022-02-14 08:47:02.815root 11241100x80000000000000001754419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0398ac51266b9ff92022-02-14 08:47:02.815root 11241100x80000000000000001754420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963f91f8113606cf2022-02-14 08:47:02.816root 11241100x80000000000000001754421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671bb035fc42083d2022-02-14 08:47:02.816root 11241100x80000000000000001754422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11733f272c7588af2022-02-14 08:47:02.816root 11241100x80000000000000001754423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9b4964db89829e2022-02-14 08:47:02.816root 11241100x80000000000000001754424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1eb51867b09fbf2022-02-14 08:47:02.816root 11241100x80000000000000001754425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186ada43ec3f18472022-02-14 08:47:02.816root 11241100x80000000000000001754426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b86a5866135b0b72022-02-14 08:47:02.816root 11241100x80000000000000001754427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0470a8c2246aac062022-02-14 08:47:02.816root 11241100x80000000000000001754428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c80a91c8e9fd2322022-02-14 08:47:02.816root 11241100x80000000000000001754429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8558a4b406b3e9642022-02-14 08:47:02.816root 11241100x80000000000000001754430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2369b044464e74f52022-02-14 08:47:02.816root 11241100x80000000000000001754431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87168455707896b12022-02-14 08:47:02.817root 11241100x80000000000000001754432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9511921f49cca262022-02-14 08:47:02.817root 11241100x80000000000000001754433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b043ef6cad3c28062022-02-14 08:47:02.817root 11241100x80000000000000001754434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508d3e18e68724802022-02-14 08:47:02.817root 11241100x80000000000000001754435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b5aabf383c4dec2022-02-14 08:47:02.817root 11241100x80000000000000001754436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a129169c9ff4dd2022-02-14 08:47:02.817root 11241100x80000000000000001754437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e401a6e57b9ff52022-02-14 08:47:02.817root 11241100x80000000000000001754438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138f523a5fc1bd7a2022-02-14 08:47:02.817root 11241100x80000000000000001754439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346bd2fcf469766d2022-02-14 08:47:02.817root 11241100x80000000000000001754440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0c1576bd24f06b2022-02-14 08:47:02.817root 11241100x80000000000000001754441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9c78fd6efb536c2022-02-14 08:47:02.818root 11241100x80000000000000001754442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2d6756ba041d8a2022-02-14 08:47:02.818root 11241100x80000000000000001754443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e80031f2c9447a42022-02-14 08:47:02.818root 11241100x80000000000000001754444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418c6f45a62b44a82022-02-14 08:47:02.818root 11241100x80000000000000001754445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcefefc0f1083fb2022-02-14 08:47:02.818root 11241100x80000000000000001754446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f264c83fd1a1fd62022-02-14 08:47:02.818root 11241100x80000000000000001754447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493b3ad6939354402022-02-14 08:47:02.818root 11241100x80000000000000001754448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88a4fe24d99a1562022-02-14 08:47:02.818root 11241100x80000000000000001754449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396147b58ae73f192022-02-14 08:47:02.818root 11241100x80000000000000001754450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f536b9a96950de592022-02-14 08:47:02.818root 11241100x80000000000000001754451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15920744c9822a02022-02-14 08:47:02.818root 11241100x80000000000000001754452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80de86eb787dcd02022-02-14 08:47:02.818root 11241100x80000000000000001754453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183b0aa3bbe17be12022-02-14 08:47:02.818root 11241100x80000000000000001754454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4340514ca642172f2022-02-14 08:47:02.818root 11241100x80000000000000001754455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.834{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3abaa891e30dc12022-02-14 08:47:02.834root 11241100x80000000000000001754456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9118f487295e5d92022-02-14 08:47:02.835root 11241100x80000000000000001754457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda977390cceadc32022-02-14 08:47:02.835root 11241100x80000000000000001754458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ecf22dc693e44b2022-02-14 08:47:02.835root 11241100x80000000000000001754459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cdb41f5c25234a2022-02-14 08:47:02.835root 11241100x80000000000000001754460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25649dfae8b67b192022-02-14 08:47:02.835root 11241100x80000000000000001754461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221466ab08c584b62022-02-14 08:47:02.835root 11241100x80000000000000001754462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8e10424bdd5ee22022-02-14 08:47:02.835root 11241100x80000000000000001754463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:02.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95b639dd6b011a82022-02-14 08:47:02.835root 354300x80000000000000001754464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.104{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51550-false10.0.1.12-8000- 11241100x80000000000000001754465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c6ebdbd077e3cb2022-02-14 08:47:03.105root 11241100x80000000000000001754466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd1148c45a8216e2022-02-14 08:47:03.105root 11241100x80000000000000001754467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.105{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a56cdad101c1e5c2022-02-14 08:47:03.105root 11241100x80000000000000001754468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459d34dcac33e9572022-02-14 08:47:03.106root 11241100x80000000000000001754469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73add276e455b9a12022-02-14 08:47:03.106root 11241100x80000000000000001754470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8433814f579d69d2022-02-14 08:47:03.106root 11241100x80000000000000001754471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a343806d4d9bc7ab2022-02-14 08:47:03.106root 11241100x80000000000000001754472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7307576619e04b2022-02-14 08:47:03.106root 11241100x80000000000000001754473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de829761191e9f642022-02-14 08:47:03.106root 11241100x80000000000000001754474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c53cedfcbc6a5122022-02-14 08:47:03.106root 11241100x80000000000000001754475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acc7545bd3cdf2a2022-02-14 08:47:03.106root 11241100x80000000000000001754476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.106{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6695c098ec89702022-02-14 08:47:03.106root 11241100x80000000000000001754477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9080bddad583ec2022-02-14 08:47:03.107root 11241100x80000000000000001754478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4803f24e42b9eea2022-02-14 08:47:03.107root 11241100x80000000000000001754479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465172b913b8991b2022-02-14 08:47:03.107root 11241100x80000000000000001754480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2975f08793136892022-02-14 08:47:03.107root 11241100x80000000000000001754481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6ecdd6dbe9631d2022-02-14 08:47:03.107root 11241100x80000000000000001754482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a448aeba6cc7413d2022-02-14 08:47:03.107root 11241100x80000000000000001754483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be848fb291576932022-02-14 08:47:03.107root 11241100x80000000000000001754484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169affaf086fc6f82022-02-14 08:47:03.107root 11241100x80000000000000001754485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74814292785bc4452022-02-14 08:47:03.107root 11241100x80000000000000001754486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.107{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae641ef6af7553c2022-02-14 08:47:03.107root 11241100x80000000000000001754487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cf03b463eab3422022-02-14 08:47:03.108root 11241100x80000000000000001754488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8519aae1cdd7e312022-02-14 08:47:03.108root 11241100x80000000000000001754489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681a8847f052863b2022-02-14 08:47:03.108root 11241100x80000000000000001754490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499c9836cd0d1bcc2022-02-14 08:47:03.108root 11241100x80000000000000001754491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7509c6bafd0313cd2022-02-14 08:47:03.108root 11241100x80000000000000001754492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28ebf1a2ce455042022-02-14 08:47:03.108root 11241100x80000000000000001754493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd83d7768c7eed6a2022-02-14 08:47:03.108root 11241100x80000000000000001754494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.108{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585406ae7dc6ea002022-02-14 08:47:03.108root 11241100x80000000000000001754495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a618199bba6350a32022-02-14 08:47:03.109root 11241100x80000000000000001754496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a35ebd2fb6edc72022-02-14 08:47:03.109root 11241100x80000000000000001754497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b54ed57be261bd2022-02-14 08:47:03.109root 11241100x80000000000000001754498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202bec6092114eca2022-02-14 08:47:03.109root 11241100x80000000000000001754499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3719d29e50355f22022-02-14 08:47:03.109root 11241100x80000000000000001754500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.109{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fe566eb116531d2022-02-14 08:47:03.109root 11241100x80000000000000001754501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2621bc5866f4dc802022-02-14 08:47:03.110root 11241100x80000000000000001754502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b171e35fa2b23e62022-02-14 08:47:03.110root 11241100x80000000000000001754503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561e7ea57306f58e2022-02-14 08:47:03.110root 11241100x80000000000000001754504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2b1d89c8d4bf6c2022-02-14 08:47:03.110root 11241100x80000000000000001754505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d32ab387f4604232022-02-14 08:47:03.110root 11241100x80000000000000001754506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e30822cb19fe8c2022-02-14 08:47:03.110root 11241100x80000000000000001754507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.110{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d52b128d52ddf032022-02-14 08:47:03.110root 11241100x80000000000000001754508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7a82d79240b34e2022-02-14 08:47:03.111root 11241100x80000000000000001754509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ecee46aba0878f2022-02-14 08:47:03.111root 11241100x80000000000000001754510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0b3bf2481aaa562022-02-14 08:47:03.111root 11241100x80000000000000001754511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca5e19df1e9aac72022-02-14 08:47:03.111root 11241100x80000000000000001754512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5846f74fa4a5492022-02-14 08:47:03.111root 11241100x80000000000000001754513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9f8b21345345f02022-02-14 08:47:03.111root 11241100x80000000000000001754514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52113e82752f6e612022-02-14 08:47:03.111root 11241100x80000000000000001754515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb79847291f4b9d2022-02-14 08:47:03.111root 11241100x80000000000000001754516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.111{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feca802fd334e1f92022-02-14 08:47:03.111root 11241100x80000000000000001754517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b98d9f9e39589d42022-02-14 08:47:03.112root 11241100x80000000000000001754518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129918b09c38bd502022-02-14 08:47:03.112root 11241100x80000000000000001754519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753c882b78ac61cd2022-02-14 08:47:03.112root 11241100x80000000000000001754520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5ae6efd1e17ffb2022-02-14 08:47:03.112root 11241100x80000000000000001754521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dc380cf713b01e2022-02-14 08:47:03.112root 11241100x80000000000000001754522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.112{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6e903bc3df1ae92022-02-14 08:47:03.112root 11241100x80000000000000001754523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cf474a2daa69882022-02-14 08:47:03.113root 11241100x80000000000000001754524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc2eab621a940a72022-02-14 08:47:03.113root 11241100x80000000000000001754525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdba1919247af522022-02-14 08:47:03.113root 11241100x80000000000000001754526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbbe99e3036edd82022-02-14 08:47:03.113root 11241100x80000000000000001754527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba1ac4e7ba4ffb82022-02-14 08:47:03.113root 11241100x80000000000000001754528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e651de4068ec1c2022-02-14 08:47:03.113root 11241100x80000000000000001754529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.113{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebf918309e4a1ff2022-02-14 08:47:03.113root 11241100x80000000000000001754530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7d63e820589c882022-02-14 08:47:03.114root 11241100x80000000000000001754531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcf05ba64ba4d332022-02-14 08:47:03.114root 11241100x80000000000000001754532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d95b6d0fbee687b2022-02-14 08:47:03.114root 11241100x80000000000000001754533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccabf250bfb49fb92022-02-14 08:47:03.114root 11241100x80000000000000001754534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66152be6c728d05c2022-02-14 08:47:03.114root 11241100x80000000000000001754535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82843c0c8844d9cf2022-02-14 08:47:03.114root 11241100x80000000000000001754536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.114{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9317f497f1d106312022-02-14 08:47:03.114root 11241100x80000000000000001754537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.115{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea4055a85533e3a2022-02-14 08:47:03.115root 11241100x80000000000000001754538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.115{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1912f2c6e5107e72022-02-14 08:47:03.115root 11241100x80000000000000001754539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.115{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b336c5dd6d9656e2022-02-14 08:47:03.115root 11241100x80000000000000001754540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.115{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4761589eae313fa22022-02-14 08:47:03.115root 11241100x80000000000000001754541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.115{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368f8baeb8614b252022-02-14 08:47:03.115root 11241100x80000000000000001754542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.115{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c867a7ee379950e22022-02-14 08:47:03.115root 11241100x80000000000000001754543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.115{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3ae790a186cd6b2022-02-14 08:47:03.115root 11241100x80000000000000001754544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.115{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bf34567b33897e2022-02-14 08:47:03.115root 11241100x80000000000000001754545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.116{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275de5ab189f9a8d2022-02-14 08:47:03.116root 11241100x80000000000000001754546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:03.116{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ff559f764868dd2022-02-14 08:47:03.116root 354300x80000000000000001754627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:19.085{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51558-false10.0.1.12-8000- 11241100x80000000000000001754628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:19.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c4bbb25741a8672022-02-14 08:47:19.429root 11241100x80000000000000001754629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:19.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a9379c6d54fc092022-02-14 08:47:19.929root 11241100x80000000000000001754630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:20.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb459151098393d02022-02-14 08:47:20.429root 11241100x80000000000000001754631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f53526169738a3e2022-02-14 08:47:20.930root 154100x80000000000000001754632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.253{ec2ab09f-1719-620a-089e-487c76550000}2039/usr/bin/sudo-----sudo chmod 777 net_dis.sh/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{ec2ab09f-1691-620a-0814-31b1c5550000}2004/bin/bash-bashubuntu 11241100x80000000000000001754633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.254{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abab7a482aec898a2022-02-14 08:47:21.254root 354300x80000000000000001754634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.257{ec2ab09f-1719-620a-089e-487c76550000}2039/usr/bin/sudoubuntuudptruefalse127.0.0.1-58957-false127.0.0.53-53- 354300x80000000000000001754635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.258{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-40057-false10.0.0.2-53- 354300x80000000000000001754636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.258{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-36424-false10.0.0.2-53- 354300x80000000000000001754637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.258{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-58957- 354300x80000000000000001754638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.259{ec2ab09f-1719-620a-089e-487c76550000}2039/usr/bin/sudoubuntuudptruefalse127.0.0.1-43240-false127.0.0.53-53- 354300x80000000000000001754639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.259{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-43240- 154100x80000000000000001754640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.274{ec2ab09f-1719-620a-e0c1-5134d7550000}2040/bin/chmod-----chmod 777 net_dis.sh/home/ubunturoot{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1719-620a-089e-487c76550000}2039/usr/bin/sudosudoubuntu 534500x80000000000000001754641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.275{ec2ab09f-1719-620a-e0c1-5134d7550000}2040/bin/chmodroot 534500x80000000000000001754642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.276{ec2ab09f-1719-620a-089e-487c76550000}2039/usr/bin/sudoroot 11241100x80000000000000001754643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9869c4a0191892c92022-02-14 08:47:21.679root 11241100x80000000000000001754644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afaeb9a0d8142d22022-02-14 08:47:21.680root 11241100x80000000000000001754645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cc2652fd6124e02022-02-14 08:47:21.680root 11241100x80000000000000001754646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7934e04a3c8c212022-02-14 08:47:21.680root 11241100x80000000000000001754647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e3e1ad800f0a792022-02-14 08:47:21.680root 11241100x80000000000000001754648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f501726c78ad09eb2022-02-14 08:47:21.680root 11241100x80000000000000001754649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c136502e92ea73c2022-02-14 08:47:21.680root 11241100x80000000000000001754650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39bb3fbea1db2f52022-02-14 08:47:21.680root 11241100x80000000000000001754651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1ec450c3763f792022-02-14 08:47:21.681root 11241100x80000000000000001754652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14908090306920072022-02-14 08:47:21.681root 11241100x80000000000000001754653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:21.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1acd4831327f0aa2022-02-14 08:47:21.681root 11241100x80000000000000001754654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e269e26e0a82f0f2022-02-14 08:47:22.180root 11241100x80000000000000001754655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184d29e9ad0908332022-02-14 08:47:22.180root 11241100x80000000000000001754656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66924ba9883457972022-02-14 08:47:22.180root 11241100x80000000000000001754657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbf43e6a90937b42022-02-14 08:47:22.180root 11241100x80000000000000001754658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45a4a60e80068362022-02-14 08:47:22.180root 11241100x80000000000000001754659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0763eaff7740df72022-02-14 08:47:22.180root 11241100x80000000000000001754660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79161da5b1d54b9f2022-02-14 08:47:22.180root 11241100x80000000000000001754661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b2a77406b283032022-02-14 08:47:22.180root 11241100x80000000000000001754662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4a3615367b6d142022-02-14 08:47:22.180root 11241100x80000000000000001754663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c3b53fddad16c82022-02-14 08:47:22.180root 11241100x80000000000000001754664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fe7cabc02642c02022-02-14 08:47:22.181root 11241100x80000000000000001754665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fdea4e1a66405d2022-02-14 08:47:22.680root 11241100x80000000000000001754666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f57b7efee7aeb6c2022-02-14 08:47:22.680root 11241100x80000000000000001754667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f9027e959ece2b2022-02-14 08:47:22.680root 11241100x80000000000000001754668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41baa9c247170b22022-02-14 08:47:22.680root 11241100x80000000000000001754669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992ac3a6f943091e2022-02-14 08:47:22.680root 11241100x80000000000000001754670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763a5b27577e6c3f2022-02-14 08:47:22.680root 11241100x80000000000000001754671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63e5cac643a6b942022-02-14 08:47:22.680root 11241100x80000000000000001754672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ad489b8c6d97c82022-02-14 08:47:22.680root 11241100x80000000000000001754673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f318476df0232e4b2022-02-14 08:47:22.680root 11241100x80000000000000001754674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9965919ec037712022-02-14 08:47:22.681root 11241100x80000000000000001754675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:22.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d34192acc080f22022-02-14 08:47:22.681root 11241100x80000000000000001754676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc3fa6655b4bf272022-02-14 08:47:23.180root 11241100x80000000000000001754677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21df81132242dad42022-02-14 08:47:23.180root 11241100x80000000000000001754678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195ed533537a09fd2022-02-14 08:47:23.180root 11241100x80000000000000001754679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae615b05dd8096a32022-02-14 08:47:23.180root 11241100x80000000000000001754680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fec6fc5a53393602022-02-14 08:47:23.180root 11241100x80000000000000001754681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d20d12e6ec3517b2022-02-14 08:47:23.180root 11241100x80000000000000001754682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc885f58a2fda892022-02-14 08:47:23.180root 11241100x80000000000000001754683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f01efad9824299d2022-02-14 08:47:23.181root 11241100x80000000000000001754684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d285ca83a084761d2022-02-14 08:47:23.181root 11241100x80000000000000001754685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281e38a32223eb962022-02-14 08:47:23.181root 11241100x80000000000000001754686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4d7e8b05aa64a92022-02-14 08:47:23.181root 11241100x80000000000000001754687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617bc78750210cbf2022-02-14 08:47:23.680root 11241100x80000000000000001754688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9500985c11c4ded2022-02-14 08:47:23.680root 11241100x80000000000000001754689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4b5dc6bc364c6c2022-02-14 08:47:23.680root 11241100x80000000000000001754690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d672681a6c1bd3e2022-02-14 08:47:23.681root 11241100x80000000000000001754691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe276e62bf6bebf2022-02-14 08:47:23.681root 11241100x80000000000000001754692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb903b31a7ef7722022-02-14 08:47:23.681root 11241100x80000000000000001754693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294f229d070486dd2022-02-14 08:47:23.681root 11241100x80000000000000001754694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cab2fad5acb10362022-02-14 08:47:23.681root 11241100x80000000000000001754695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d84220b8a07bac42022-02-14 08:47:23.681root 11241100x80000000000000001754696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77633d08d3de538a2022-02-14 08:47:23.682root 11241100x80000000000000001754697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:23.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f3672a93f7a47b2022-02-14 08:47:23.682root 11241100x80000000000000001754698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24181cd98f16616c2022-02-14 08:47:24.180root 11241100x80000000000000001754699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978a866751fb418c2022-02-14 08:47:24.180root 11241100x80000000000000001754700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc0a685bf3ae9fb2022-02-14 08:47:24.180root 11241100x80000000000000001754701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076421e211440c162022-02-14 08:47:24.180root 11241100x80000000000000001754702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aaa37ce3190e4112022-02-14 08:47:24.180root 11241100x80000000000000001754703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273ebf38532dafe02022-02-14 08:47:24.181root 11241100x80000000000000001754704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f908f75082ad41f2022-02-14 08:47:24.181root 11241100x80000000000000001754705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b7374a147fa7ea2022-02-14 08:47:24.181root 11241100x80000000000000001754706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0c4cf306fb87132022-02-14 08:47:24.181root 11241100x80000000000000001754707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a2485b74792a692022-02-14 08:47:24.182root 11241100x80000000000000001754708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1401c4027f6a732022-02-14 08:47:24.182root 354300x80000000000000001754709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.216{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51560-false10.0.1.12-8000- 11241100x80000000000000001754710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07504c874b81566a2022-02-14 08:47:24.680root 11241100x80000000000000001754711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8aa2e710abb8112022-02-14 08:47:24.680root 11241100x80000000000000001754712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23b817f4d8b3c232022-02-14 08:47:24.680root 11241100x80000000000000001754713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee990b3da305023b2022-02-14 08:47:24.680root 11241100x80000000000000001754714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb425d69f3873a52022-02-14 08:47:24.680root 11241100x80000000000000001754715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab52a33c2467c7422022-02-14 08:47:24.680root 11241100x80000000000000001754716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93d27c052263a212022-02-14 08:47:24.681root 11241100x80000000000000001754717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2b0c877ef87d1a2022-02-14 08:47:24.681root 11241100x80000000000000001754718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a870467faca4622022-02-14 08:47:24.681root 11241100x80000000000000001754719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8e8e31793ceb8c2022-02-14 08:47:24.681root 11241100x80000000000000001754720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027c9d0e40933c5f2022-02-14 08:47:24.681root 11241100x80000000000000001754721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:24.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7306990eb3d05912022-02-14 08:47:24.681root 11241100x80000000000000001754722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e384ccb1a890e39c2022-02-14 08:47:25.180root 11241100x80000000000000001754723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705d1b0ad7d10ff92022-02-14 08:47:25.180root 11241100x80000000000000001754724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bf801c909653462022-02-14 08:47:25.180root 11241100x80000000000000001754725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43485d20ae574562022-02-14 08:47:25.180root 11241100x80000000000000001754726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66ac0f8c49c04bc2022-02-14 08:47:25.180root 11241100x80000000000000001754727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303bae1ada0ce9062022-02-14 08:47:25.180root 11241100x80000000000000001754728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82973745b109101b2022-02-14 08:47:25.180root 11241100x80000000000000001754729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd836801c4120f12022-02-14 08:47:25.181root 11241100x80000000000000001754730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcee2df3f44b31a2022-02-14 08:47:25.181root 11241100x80000000000000001754731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a258e21b0327292022-02-14 08:47:25.181root 11241100x80000000000000001754732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8655822a49666b602022-02-14 08:47:25.181root 11241100x80000000000000001754733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97bee32060b18022022-02-14 08:47:25.181root 11241100x80000000000000001754734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce123f4381ccfbf2022-02-14 08:47:25.680root 11241100x80000000000000001754735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0222cea496e82ae2022-02-14 08:47:25.680root 11241100x80000000000000001754736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84044a2b3b5552862022-02-14 08:47:25.680root 11241100x80000000000000001754737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097715732d4b8a632022-02-14 08:47:25.680root 11241100x80000000000000001754738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c5ab2a18dc13d42022-02-14 08:47:25.681root 11241100x80000000000000001754739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af7f778c9d5a4092022-02-14 08:47:25.681root 11241100x80000000000000001754740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7358d4f0f5148acd2022-02-14 08:47:25.681root 11241100x80000000000000001754741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6e15cc65c096a72022-02-14 08:47:25.681root 11241100x80000000000000001754742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000237324f41500e2022-02-14 08:47:25.681root 11241100x80000000000000001754743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9748aee3b69d4c362022-02-14 08:47:25.682root 11241100x80000000000000001754744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8d9682cb63edcd2022-02-14 08:47:25.682root 11241100x80000000000000001754745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:25.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015f31ebdd16709e2022-02-14 08:47:25.682root 11241100x80000000000000001754746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c4642c3b22ff772022-02-14 08:47:26.180root 11241100x80000000000000001754747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f169fa31c82fe12022-02-14 08:47:26.180root 11241100x80000000000000001754748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c916da9bb23dea912022-02-14 08:47:26.180root 11241100x80000000000000001754749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95754be579c5a5652022-02-14 08:47:26.180root 11241100x80000000000000001754750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3956ececa242f9da2022-02-14 08:47:26.180root 11241100x80000000000000001754751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20af3b085b3f78062022-02-14 08:47:26.180root 11241100x80000000000000001754752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ec14ba5ee8ca422022-02-14 08:47:26.180root 11241100x80000000000000001754753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ab11c836e4bd672022-02-14 08:47:26.180root 11241100x80000000000000001754754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fda35753399e952022-02-14 08:47:26.181root 11241100x80000000000000001754755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4e0a34f8db10102022-02-14 08:47:26.181root 11241100x80000000000000001754756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7796d30ac509b7952022-02-14 08:47:26.181root 11241100x80000000000000001754757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bc12784e4d84202022-02-14 08:47:26.181root 11241100x80000000000000001754758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a01918a7642b6e2022-02-14 08:47:26.680root 11241100x80000000000000001754759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28738f1ea3e45a922022-02-14 08:47:26.680root 11241100x80000000000000001754760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0ad16545404d072022-02-14 08:47:26.680root 11241100x80000000000000001754761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f944cb1555ac9a2022-02-14 08:47:26.680root 11241100x80000000000000001754762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3be641f04b2fe212022-02-14 08:47:26.680root 11241100x80000000000000001754763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffe67dc9701fe582022-02-14 08:47:26.680root 11241100x80000000000000001754764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd15031a430b9f22022-02-14 08:47:26.680root 11241100x80000000000000001754765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2060871f8354c162022-02-14 08:47:26.681root 11241100x80000000000000001754766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40121bba39ba02a2022-02-14 08:47:26.681root 11241100x80000000000000001754767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e05179969c46312022-02-14 08:47:26.681root 11241100x80000000000000001754768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ba81e5f02f665e2022-02-14 08:47:26.681root 11241100x80000000000000001754769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:26.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c069e933cfbe6562022-02-14 08:47:26.681root 11241100x80000000000000001754770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ab59fadd7de1d12022-02-14 08:47:27.180root 11241100x80000000000000001754771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6aec73309102a52022-02-14 08:47:27.180root 11241100x80000000000000001754772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c39c59c03da4d12022-02-14 08:47:27.181root 11241100x80000000000000001754773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebd4fdee33ac3d92022-02-14 08:47:27.181root 11241100x80000000000000001754774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbeb576a86c712d2022-02-14 08:47:27.181root 11241100x80000000000000001754775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbacd78a6893c8622022-02-14 08:47:27.181root 11241100x80000000000000001754776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e499481464a9d3e32022-02-14 08:47:27.181root 11241100x80000000000000001754777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02e3df89c3aa4ff2022-02-14 08:47:27.182root 11241100x80000000000000001754778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1512179bf85cb5f72022-02-14 08:47:27.182root 11241100x80000000000000001754779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665f948d78c90e792022-02-14 08:47:27.182root 11241100x80000000000000001754780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23be500b47eca4002022-02-14 08:47:27.183root 11241100x80000000000000001754781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cead4c5fc39a9a62022-02-14 08:47:27.183root 11241100x80000000000000001754782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bae1a17bde8cff2022-02-14 08:47:27.680root 11241100x80000000000000001754783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8800119cec11b32022-02-14 08:47:27.680root 11241100x80000000000000001754784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7a75e9c54ea8602022-02-14 08:47:27.680root 11241100x80000000000000001754785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a009f16963e13c2022-02-14 08:47:27.681root 11241100x80000000000000001754786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5aacfdf97b18a482022-02-14 08:47:27.681root 11241100x80000000000000001754787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fea6102dd0c5cef2022-02-14 08:47:27.681root 11241100x80000000000000001754788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8137133468ff6042022-02-14 08:47:27.681root 11241100x80000000000000001754789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29187e17aa4dbc022022-02-14 08:47:27.681root 11241100x80000000000000001754790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4043680a9a25ba942022-02-14 08:47:27.681root 11241100x80000000000000001754791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4b4dd511c05f062022-02-14 08:47:27.682root 11241100x80000000000000001754792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08745cce794a3ae42022-02-14 08:47:27.682root 11241100x80000000000000001754793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c0fb01789577d42022-02-14 08:47:27.682root 154100x80000000000000001754794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.924{ec2ab09f-171f-620a-e8a6-ed4303560000}2041/bin/ls-----ls --color=auto -l/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{ec2ab09f-1691-620a-0814-31b1c5550000}2004/bin/bash-bashubuntu 534500x80000000000000001754795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:27.927{ec2ab09f-171f-620a-e8a6-ed4303560000}2041/bin/lsubuntu 11241100x80000000000000001754796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45b3962e994addb2022-02-14 08:47:28.180root 11241100x80000000000000001754797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce162b5e6a7c9752022-02-14 08:47:28.180root 11241100x80000000000000001754798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046c69ac80d47cb62022-02-14 08:47:28.180root 11241100x80000000000000001754799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa2790c65f7f9312022-02-14 08:47:28.180root 11241100x80000000000000001754800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb996d3d5277de62022-02-14 08:47:28.180root 11241100x80000000000000001754801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1610459bae87612022-02-14 08:47:28.180root 11241100x80000000000000001754802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c18f0f6d8aea8dd2022-02-14 08:47:28.180root 11241100x80000000000000001754803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543c3c0c241f21ef2022-02-14 08:47:28.181root 11241100x80000000000000001754804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de530afc96984be02022-02-14 08:47:28.181root 11241100x80000000000000001754805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6c7251efcfd5422022-02-14 08:47:28.181root 11241100x80000000000000001754806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f6ac63e6fcb5e12022-02-14 08:47:28.181root 11241100x80000000000000001754807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a1d31b7afc8f0c2022-02-14 08:47:28.181root 11241100x80000000000000001754808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b462c0a326745312022-02-14 08:47:28.181root 11241100x80000000000000001754809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9120ba9e95cce9712022-02-14 08:47:28.181root 11241100x80000000000000001754810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbdf8ad4f29641d2022-02-14 08:47:28.680root 11241100x80000000000000001754811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1807dc910d92a3a62022-02-14 08:47:28.680root 11241100x80000000000000001754812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434351dfaae923ce2022-02-14 08:47:28.680root 11241100x80000000000000001754813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5e3835c66e142c2022-02-14 08:47:28.680root 11241100x80000000000000001754814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fdf23446c97c472022-02-14 08:47:28.680root 11241100x80000000000000001754815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e36c4ba53d750c12022-02-14 08:47:28.680root 11241100x80000000000000001754816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242bc6b1e01221432022-02-14 08:47:28.680root 11241100x80000000000000001754817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36704592f81479102022-02-14 08:47:28.681root 11241100x80000000000000001754818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b852bfbed685352022-02-14 08:47:28.681root 11241100x80000000000000001754819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cd5f9c46d27a222022-02-14 08:47:28.681root 11241100x80000000000000001754820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d6efad8be54d032022-02-14 08:47:28.681root 11241100x80000000000000001754821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56f7ff18d0a42782022-02-14 08:47:28.681root 11241100x80000000000000001754822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074cac5afe14da022022-02-14 08:47:28.681root 11241100x80000000000000001754823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:28.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8565137f055ee0912022-02-14 08:47:28.681root 11241100x80000000000000001754824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c29a8d741e039b2022-02-14 08:47:29.180root 11241100x80000000000000001754825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fe86a5064a96bf2022-02-14 08:47:29.180root 11241100x80000000000000001754826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b3d6c25093c89f2022-02-14 08:47:29.180root 11241100x80000000000000001754827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee778c1ba6237d1a2022-02-14 08:47:29.180root 11241100x80000000000000001754828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3814a1ef5e4a2b92022-02-14 08:47:29.180root 11241100x80000000000000001754829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bc8d4680899e0d2022-02-14 08:47:29.180root 11241100x80000000000000001754830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5413c53a150bb0af2022-02-14 08:47:29.180root 11241100x80000000000000001754831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bd5d93dc960db02022-02-14 08:47:29.180root 11241100x80000000000000001754832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3473d2ffc891352022-02-14 08:47:29.181root 11241100x80000000000000001754833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0055d3169dc02ddf2022-02-14 08:47:29.181root 11241100x80000000000000001754834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7999589d2d74e92022-02-14 08:47:29.181root 11241100x80000000000000001754835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0955a9a482ba462022-02-14 08:47:29.181root 11241100x80000000000000001754836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd95d83b7aef952e2022-02-14 08:47:29.181root 11241100x80000000000000001754837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43113326626f3a542022-02-14 08:47:29.181root 11241100x80000000000000001754838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0296239ee9d6425e2022-02-14 08:47:29.680root 11241100x80000000000000001754839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8d899d1b4279902022-02-14 08:47:29.680root 11241100x80000000000000001754840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa5a248c8a3bbcf2022-02-14 08:47:29.680root 11241100x80000000000000001754841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1843db5d5b8e892022-02-14 08:47:29.680root 11241100x80000000000000001754842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e934eebadb9b744e2022-02-14 08:47:29.681root 11241100x80000000000000001754843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a7948ff77a0e2c2022-02-14 08:47:29.681root 11241100x80000000000000001754844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56be7661511ee12b2022-02-14 08:47:29.681root 11241100x80000000000000001754845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30dfd9155d1f0b422022-02-14 08:47:29.681root 11241100x80000000000000001754846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a15839e76a58412022-02-14 08:47:29.681root 11241100x80000000000000001754847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190abdc857e9860d2022-02-14 08:47:29.682root 11241100x80000000000000001754848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64505b281a261b292022-02-14 08:47:29.682root 11241100x80000000000000001754849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aabbd651eca166c2022-02-14 08:47:29.682root 11241100x80000000000000001754850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee27cdfbd3dd2bd2022-02-14 08:47:29.682root 11241100x80000000000000001754851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:29.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d708f774d660b8a2022-02-14 08:47:29.683root 354300x80000000000000001754852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.044{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51562-false10.0.1.12-8000- 11241100x80000000000000001754853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.045{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e3895b7a240fc52022-02-14 08:47:30.045root 11241100x80000000000000001754854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.045{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e1858e0ce4a46a2022-02-14 08:47:30.045root 11241100x80000000000000001754855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.045{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3933130cb694ac3e2022-02-14 08:47:30.045root 11241100x80000000000000001754856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.045{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21cba5059ca41962022-02-14 08:47:30.045root 11241100x80000000000000001754857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32505c31f06d41d62022-02-14 08:47:30.046root 11241100x80000000000000001754858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ec40ea663caace2022-02-14 08:47:30.046root 11241100x80000000000000001754859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb99dd5f3c5a42892022-02-14 08:47:30.046root 11241100x80000000000000001754860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908a0ee2f9eea8612022-02-14 08:47:30.046root 11241100x80000000000000001754861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f581420b3abcab72022-02-14 08:47:30.046root 11241100x80000000000000001754862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c6786a3966b1972022-02-14 08:47:30.046root 11241100x80000000000000001754863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a80e10a6ba6aa912022-02-14 08:47:30.046root 11241100x80000000000000001754864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d92226bd7c496ef2022-02-14 08:47:30.046root 11241100x80000000000000001754865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b7e174a211df3e2022-02-14 08:47:30.046root 11241100x80000000000000001754866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e0dd04b59ed5d22022-02-14 08:47:30.046root 11241100x80000000000000001754867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.046{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07270a1a39889262022-02-14 08:47:30.046root 11241100x80000000000000001754868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56988ece07e05a32022-02-14 08:47:30.430root 11241100x80000000000000001754869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82790590c57332032022-02-14 08:47:30.430root 11241100x80000000000000001754870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad81d422f25bc142022-02-14 08:47:30.430root 11241100x80000000000000001754871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1672142036e70ab22022-02-14 08:47:30.431root 11241100x80000000000000001754872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb6f5aef58c6faf2022-02-14 08:47:30.431root 11241100x80000000000000001754873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf9b737ed38c5732022-02-14 08:47:30.431root 11241100x80000000000000001754874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a5fcd24e7534d82022-02-14 08:47:30.432root 11241100x80000000000000001754875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a232b0a374fd652022-02-14 08:47:30.432root 11241100x80000000000000001754876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8013d242fd965af02022-02-14 08:47:30.432root 11241100x80000000000000001754877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059ecb4086f58d692022-02-14 08:47:30.432root 11241100x80000000000000001754878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0b701f0c3460fb2022-02-14 08:47:30.432root 11241100x80000000000000001754879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f89d3d68a696672022-02-14 08:47:30.432root 11241100x80000000000000001754880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b65a7bcdaef7b02022-02-14 08:47:30.432root 11241100x80000000000000001754881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4114b6526c1e7072022-02-14 08:47:30.433root 11241100x80000000000000001754882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82504ac8127fec3a2022-02-14 08:47:30.433root 11241100x80000000000000001754883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a7416cefb983702022-02-14 08:47:30.930root 11241100x80000000000000001754884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2921f95f845687e2022-02-14 08:47:30.930root 11241100x80000000000000001754885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69ead68612c2fbe2022-02-14 08:47:30.930root 11241100x80000000000000001754886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c850830eadc092d2022-02-14 08:47:30.930root 11241100x80000000000000001754887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57655c2f055bb0282022-02-14 08:47:30.930root 11241100x80000000000000001754888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4f18b1bbe72d7f2022-02-14 08:47:30.930root 11241100x80000000000000001754889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe9eca6ab5a88d32022-02-14 08:47:30.930root 11241100x80000000000000001754890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109bd1a11ac852b82022-02-14 08:47:30.931root 11241100x80000000000000001754891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8a637d1b33d8cf2022-02-14 08:47:30.931root 11241100x80000000000000001754892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dfd5bb94b0ad9c2022-02-14 08:47:30.931root 11241100x80000000000000001754893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40124978947660642022-02-14 08:47:30.931root 11241100x80000000000000001754894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab9a6e0df69840c2022-02-14 08:47:30.931root 11241100x80000000000000001754895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743339c53ca15a852022-02-14 08:47:30.931root 11241100x80000000000000001754896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e751248b3feff152022-02-14 08:47:30.931root 11241100x80000000000000001754897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:30.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0708a8079112162022-02-14 08:47:30.932root 11241100x80000000000000001754898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372f0aba0e9707e22022-02-14 08:47:31.430root 11241100x80000000000000001754899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9d3712e93c5a892022-02-14 08:47:31.430root 11241100x80000000000000001754900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba0efe866f87f7e2022-02-14 08:47:31.430root 11241100x80000000000000001754901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c4b91404fdd1482022-02-14 08:47:31.430root 11241100x80000000000000001754902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06e1271bda7b3e12022-02-14 08:47:31.430root 11241100x80000000000000001754903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf9fccf22704f432022-02-14 08:47:31.430root 11241100x80000000000000001754904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bb4fb7457e3d812022-02-14 08:47:31.430root 11241100x80000000000000001754905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caa5cc361c977b92022-02-14 08:47:31.431root 11241100x80000000000000001754906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3636002f7537a812022-02-14 08:47:31.431root 11241100x80000000000000001754907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bed3064a9be8ed62022-02-14 08:47:31.431root 11241100x80000000000000001754908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba50e7b1f658dec82022-02-14 08:47:31.432root 11241100x80000000000000001754909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d689e18c57c5d37b2022-02-14 08:47:31.432root 11241100x80000000000000001754910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99000a11fb5a7ce82022-02-14 08:47:31.432root 11241100x80000000000000001754911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d26c06cb7013feb2022-02-14 08:47:31.432root 11241100x80000000000000001754912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3e1dc23e3113fd2022-02-14 08:47:31.432root 534500x80000000000000001754913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.821{00000000-0000-0000-0000-000000000000}2043<unknown process>ubuntu 11241100x80000000000000001754914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.821{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3404a2e99db5052022-02-14 08:47:31.821root 11241100x80000000000000001754915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.822{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f440315c79f5412022-02-14 08:47:31.822root 11241100x80000000000000001754916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.822{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d8fe3c11a38a652022-02-14 08:47:31.822root 11241100x80000000000000001754917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.822{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d2d135a299b1cb2022-02-14 08:47:31.822root 11241100x80000000000000001754918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.823{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2144c4c50228b422022-02-14 08:47:31.823root 11241100x80000000000000001754919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.823{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfcebb4c669010d2022-02-14 08:47:31.823root 154100x80000000000000001754920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.821{ec2ab09f-1723-620a-6468-44e328560000}2044/usr/sbin/arp-----arp -a/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2042--- 11241100x80000000000000001754921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.823{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8899e35cf578c92022-02-14 08:47:31.823root 11241100x80000000000000001754922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.824{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032f4de2ec531d122022-02-14 08:47:31.824root 11241100x80000000000000001754923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.824{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f56faa018fa5fb2022-02-14 08:47:31.824root 11241100x80000000000000001754924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.824{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d752777ac2e4732022-02-14 08:47:31.824root 354300x80000000000000001754925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.824{ec2ab09f-1723-620a-6468-44e328560000}2044/usr/sbin/arpubuntuudptruefalse127.0.0.1-51354-false127.0.0.53-53- 354300x80000000000000001754926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.825{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-40010-false10.0.0.2-53- 11241100x80000000000000001754927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.825{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e08e04b791528462022-02-14 08:47:31.825root 11241100x80000000000000001754928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.826{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375f22acd6dedf5f2022-02-14 08:47:31.826root 11241100x80000000000000001754929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.826{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36770df494f7fd322022-02-14 08:47:31.826root 11241100x80000000000000001754930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.826{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03b3424531712212022-02-14 08:47:31.826root 354300x80000000000000001754931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.826{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-51354- 354300x80000000000000001754932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.826{ec2ab09f-1723-620a-6468-44e328560000}2044/usr/sbin/arpubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-58141- 354300x80000000000000001754933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.826{ec2ab09f-1723-620a-6468-44e328560000}2044/usr/sbin/arpubuntuudptruefalse127.0.0.1-58141-false127.0.0.53-53- 11241100x80000000000000001754934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.826{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fdc8b4017c68fa2022-02-14 08:47:31.826root 11241100x80000000000000001754935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.826{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acf1faa40448b832022-02-14 08:47:31.826root 11241100x80000000000000001754936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.826{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c34b7bfa69c3e42022-02-14 08:47:31.826root 11241100x80000000000000001754937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.826{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2071892fd9f6d0372022-02-14 08:47:31.826root 354300x80000000000000001754938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.826{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-42226-false10.0.0.2-53- 354300x80000000000000001754939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.827{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-58141- 534500x80000000000000001754940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.827{ec2ab09f-1723-620a-6468-44e328560000}2044/usr/sbin/arpubuntu 534500x80000000000000001754941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.829{00000000-0000-0000-0000-000000000000}2045<unknown process>ubuntu 154100x80000000000000001754942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.829{ec2ab09f-1723-620a-9c96-bc98e9550000}2046/sbin/ifconfig-----ifconfig/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2042--- 534500x80000000000000001754943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.833{ec2ab09f-1723-620a-9c96-bc98e9550000}2046/sbin/ifconfigubuntu 534500x80000000000000001754944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.835{ec2ab09f-16f7-620a-0000-000000000000}2047-ubuntu 154100x80000000000000001754945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.837{ec2ab09f-1723-620a-88c8-972a70550000}2048/bin/ip-----ip addr/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2042--- 534500x80000000000000001754946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.839{ec2ab09f-1723-620a-88c8-972a70550000}2048/bin/ipubuntu 534500x80000000000000001754947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.840{ec2ab09f-16f7-620a-0000-000000000000}2049-ubuntu 154100x80000000000000001754948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.840{ec2ab09f-1723-620a-f0bc-4774bb550000}2051/usr/bin/gawk-----awk {print $NF}/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2042--- 154100x80000000000000001754949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.840{ec2ab09f-1723-620a-180a-cd2984550000}2053/usr/bin/sort-----sort/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2042--- 154100x80000000000000001754950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.840{ec2ab09f-1723-620a-507c-6d1c9d550000}2052/bin/grep-----grep -v [a-z]/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2042--- 154100x80000000000000001754951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.840{ec2ab09f-1723-620a-c437-c387e0550000}2050/bin/netstat-----netstat -ant/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2042--- 154100x80000000000000001754952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.840{ec2ab09f-1723-620a-3827-bfbf88550000}2054/usr/bin/uniq-----uniq -c/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2042--- 534500x80000000000000001754953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.848{ec2ab09f-1723-620a-c437-c387e0550000}2050/bin/netstatubuntu 534500x80000000000000001754954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.850{ec2ab09f-1723-620a-f0bc-4774bb550000}2051/usr/bin/gawkubuntu 534500x80000000000000001754955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.851{ec2ab09f-1723-620a-507c-6d1c9d550000}2052/bin/grepubuntu 534500x80000000000000001754956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.851{ec2ab09f-1723-620a-180a-cd2984550000}2053/usr/bin/sortubuntu 534500x80000000000000001754957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.851{ec2ab09f-1723-620a-3827-bfbf88550000}2054/usr/bin/uniqubuntu 154100x80000000000000001754958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.851{ec2ab09f-1723-620a-082e-69d516560000}2055/usr/bin/sudo-----sudo iptables -L/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2042--- 354300x80000000000000001754959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.859{ec2ab09f-1723-620a-082e-69d516560000}2055/usr/bin/sudoubuntuudptruefalse127.0.0.1-38777-false127.0.0.53-53- 354300x80000000000000001754960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.859{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-51649-false10.0.0.2-53- 354300x80000000000000001754961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.859{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-54448-false10.0.0.2-53- 354300x80000000000000001754962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.859{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-38777- 354300x80000000000000001754963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.859{ec2ab09f-1723-620a-082e-69d516560000}2055/usr/bin/sudoubuntuudptruefalse127.0.0.1-58940-false127.0.0.53-53- 354300x80000000000000001754964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.859{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-58940- 154100x80000000000000001754965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.862{ec2ab09f-1723-620a-98de-c3e1a3550000}2056/sbin/xtables-multi-----iptables -L/home/ubunturoot{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1723-620a-082e-69d516560000}2055/usr/bin/sudosudoubuntu 11241100x80000000000000001754966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.868{ec2ab09f-1723-620a-98de-c3e1a3550000}2056/sbin/xtables-multi/run/xtables.lock2022-02-14 08:47:31.868root 11241100x80000000000000001754967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.869{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489/lib/systemd/systemd-udevd/run/udev/queue2022-02-14 08:47:31.869root 23542300x80000000000000001754968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.870{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000001754969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.870{ec2ab09f-1723-620a-0000-000000000000}2058-root 11241100x80000000000000001754970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.875{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489/lib/systemd/systemd-udevd/run/udev/queue2022-02-14 08:47:31.875root 534500x80000000000000001754971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.875{00000000-0000-0000-0000-000000000000}2057<unknown process>root 23542300x80000000000000001754972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.877{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000001754973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.878{ec2ab09f-1723-620a-0000-000000000000}2061-root 11241100x80000000000000001754974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.880{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489/lib/systemd/systemd-udevd/run/udev/queue2022-02-14 08:47:31.880root 534500x80000000000000001754975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.880{00000000-0000-0000-0000-000000000000}2062<unknown process>root 534500x80000000000000001754976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.880{ec2ab09f-1723-620a-98de-c3e1a3550000}2056/sbin/xtables-multiroot 534500x80000000000000001754977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.881{ec2ab09f-1723-620a-082e-69d516560000}2055/usr/bin/sudoroot 23542300x80000000000000001754978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.881{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000001754979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.882{ec2ab09f-1723-620a-0000-000000000000}2063-root 154100x80000000000000001754980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.882{ec2ab09f-1723-620a-e85f-78eca4550000}2064/bin/ss-----ss/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2042--- 11241100x80000000000000001754981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.890{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489/lib/systemd/systemd-udevd/run/udev/queue2022-02-14 08:47:31.890root 534500x80000000000000001754982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.890{00000000-0000-0000-0000-000000000000}2065<unknown process>root 23542300x80000000000000001754983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.891{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000001754984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.891{ec2ab09f-1723-620a-0000-000000000000}2066-root 11241100x80000000000000001754985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.894{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489/lib/systemd/systemd-udevd/run/udev/queue2022-02-14 08:47:31.894root 534500x80000000000000001754986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.894{00000000-0000-0000-0000-000000000000}2067<unknown process>root 23542300x80000000000000001754987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.895{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000001754988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.896{ec2ab09f-1723-620a-0000-000000000000}2069-root 11241100x80000000000000001754989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.897{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489/lib/systemd/systemd-udevd/run/udev/queue2022-02-14 08:47:31.897root 534500x80000000000000001754990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.897{00000000-0000-0000-0000-000000000000}2068<unknown process>root 23542300x80000000000000001754991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.898{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000001754992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.899{ec2ab09f-1723-620a-0000-000000000000}2070-root 11241100x80000000000000001754993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.910{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489/lib/systemd/systemd-udevd/run/udev/queue2022-02-14 08:47:31.910root 534500x80000000000000001754994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.910{00000000-0000-0000-0000-000000000000}2071<unknown process>root 23542300x80000000000000001754995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.911{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000001754996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.912{ec2ab09f-1723-620a-0000-000000000000}2072-root 11241100x80000000000000001754997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.921{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489/lib/systemd/systemd-udevd/run/udev/queue2022-02-14 08:47:31.921root 534500x80000000000000001754998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.921{00000000-0000-0000-0000-000000000000}2073<unknown process>root 23542300x80000000000000001754999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.923{ec2ab09f-0ff9-620a-f8ed-b9e3b0550000}489root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000001755000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.923{ec2ab09f-1723-620a-0000-000000000000}2074-root 534500x80000000000000001755001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.927{ec2ab09f-1723-620a-e85f-78eca4550000}2064/bin/ssubuntu 154100x80000000000000001755002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.928{ec2ab09f-1723-620a-4ca0-517c78550000}2075/sbin/route-----route/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2042--- 354300x80000000000000001755003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.931{ec2ab09f-1723-620a-4ca0-517c78550000}2075/sbin/routeubuntuudptruefalse127.0.0.1-48338-false127.0.0.53-53- 354300x80000000000000001755004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.931{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-48338- 534500x80000000000000001755005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.932{ec2ab09f-1723-620a-4ca0-517c78550000}2075/sbin/routeubuntu 154100x80000000000000001755006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.933{ec2ab09f-1723-620a-081e-b90ff2550000}2076/usr/bin/sudo-----sudo ufw status/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2042--- 354300x80000000000000001755007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.937{ec2ab09f-1723-620a-081e-b90ff2550000}2076/usr/bin/sudoubuntuudptruefalse127.0.0.1-56059-false127.0.0.53-53- 354300x80000000000000001755008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.937{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-49573-false10.0.0.2-53- 354300x80000000000000001755009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.937{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-38568-false10.0.0.2-53- 354300x80000000000000001755010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.937{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-56059- 354300x80000000000000001755011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.937{ec2ab09f-1723-620a-081e-b90ff2550000}2076/usr/bin/sudoubuntuudptruefalse127.0.0.1-57813-false127.0.0.53-53- 354300x80000000000000001755012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.937{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-57813- 154100x80000000000000001755013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:31.941{ec2ab09f-1723-620a-a036-7b0000000000}2077/usr/bin/python3.6-----/usr/bin/python3 /usr/sbin/ufw status/home/ubunturoot{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1723-620a-081e-b90ff2550000}2076/usr/bin/sudosudoubuntu 154100x80000000000000001755014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.042{ec2ab09f-1724-620a-98de-4c9be7550000}2078/sbin/xtables-multi-----/sbin/iptables -V/home/ubunturoot{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1723-620a-a036-7b0000000000}2077/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000001755015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.043{ec2ab09f-1724-620a-98de-4c9be7550000}2078/sbin/xtables-multiroot 11241100x80000000000000001755016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.043{ec2ab09f-1723-620a-a036-7b0000000000}2077/usr/bin/python3.6/run/ufw.lock2022-02-14 08:47:32.043root 154100x80000000000000001755017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.044{ec2ab09f-1724-620a-982e-a89540560000}2079/sbin/xtables-multi-----/sbin/iptables -L ufw-user-input -n/home/ubunturoot{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1723-620a-a036-7b0000000000}2077/usr/bin/python3.6/usr/bin/python3root 534500x80000000000000001755018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.045{ec2ab09f-1724-620a-982e-a89540560000}2079/sbin/xtables-multiroot 534500x80000000000000001755019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.055{ec2ab09f-1723-620a-a036-7b0000000000}2077/usr/bin/python3.6root 534500x80000000000000001755020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.055{ec2ab09f-1723-620a-081e-b90ff2550000}2076/usr/bin/sudoroot 154100x80000000000000001755021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.056{ec2ab09f-1724-620a-08be-25d28e550000}2080/usr/bin/sudo-----sudo firewall-cmd --list-all-zones/home/ubuntuubuntu{ec2ab09f-1691-620a-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}2042--- 354300x80000000000000001755022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.059{ec2ab09f-1724-620a-08be-25d28e550000}2080/usr/bin/sudoubuntuudptruefalse127.0.0.1-53601-false127.0.0.53-53- 354300x80000000000000001755023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.060{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-36447-false10.0.0.2-53- 354300x80000000000000001755024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.060{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-43462-false10.0.0.2-53- 354300x80000000000000001755025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.060{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-53601- 354300x80000000000000001755026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.060{ec2ab09f-1724-620a-08be-25d28e550000}2080/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-38973- 354300x80000000000000001755027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.060{ec2ab09f-1724-620a-08be-25d28e550000}2080/usr/bin/sudoubuntuudptruefalse127.0.0.1-38973-false127.0.0.53-53- 354300x80000000000000001755028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.061{ec2ab09f-0ffc-620a-c037-0e4f0a560000}763/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-38973- 154100x80000000000000001755029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.063{ec2ab09f-1724-620a-a036-7b0000000000}2081/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/firewall-cmd --list-all-zones/home/ubunturoot{ec2ab09f-0000-0000-0000-000000000000}02no level-{ec2ab09f-1724-620a-08be-25d28e550000}2080/usr/bin/sudosudoubuntu 11241100x80000000000000001755030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065f1be3f9b739302022-02-14 08:47:32.180root 11241100x80000000000000001755031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7c9e4ad7ac1a1d2022-02-14 08:47:32.180root 11241100x80000000000000001755032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5684d8ca3f5430392022-02-14 08:47:32.180root 11241100x80000000000000001755033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d854f501238e757b2022-02-14 08:47:32.181root 11241100x80000000000000001755034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2eb6c8f1e179bc2022-02-14 08:47:32.182root 11241100x80000000000000001755035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1765ce7f708919762022-02-14 08:47:32.182root 11241100x80000000000000001755036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419467c2edcd8aff2022-02-14 08:47:32.182root 11241100x80000000000000001755037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59447e54e15afde2022-02-14 08:47:32.182root 11241100x80000000000000001755038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c8b5920c23c0c92022-02-14 08:47:32.182root 11241100x80000000000000001755039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619d58656368eeda2022-02-14 08:47:32.182root 11241100x80000000000000001755040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a926481d4b683a92022-02-14 08:47:32.182root 11241100x80000000000000001755041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc89a0c690db1b32022-02-14 08:47:32.182root 11241100x80000000000000001755042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236e0219733012e82022-02-14 08:47:32.182root 11241100x80000000000000001755043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1e239829bc4bed2022-02-14 08:47:32.183root 11241100x80000000000000001755044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf0584c9cb3d5ee2022-02-14 08:47:32.183root 11241100x80000000000000001755045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a92c608b76e262a2022-02-14 08:47:32.183root 11241100x80000000000000001755046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfacd7cd6db372f12022-02-14 08:47:32.183root 11241100x80000000000000001755047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c46786ca3b3a4d2022-02-14 08:47:32.183root 11241100x80000000000000001755048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3daa04f8005fed2022-02-14 08:47:32.183root 11241100x80000000000000001755049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4a4ad70f5424482022-02-14 08:47:32.183root 11241100x80000000000000001755050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6cb5786b6d69952022-02-14 08:47:32.183root 11241100x80000000000000001755051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d0d36e904b17e12022-02-14 08:47:32.183root 11241100x80000000000000001755052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c56603b3b803f072022-02-14 08:47:32.183root 11241100x80000000000000001755053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cf6143325d69342022-02-14 08:47:32.183root 11241100x80000000000000001755054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486ec349adf13c342022-02-14 08:47:32.184root 11241100x80000000000000001755055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153fe106f11600b92022-02-14 08:47:32.184root 11241100x80000000000000001755056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1df861607cc6ff22022-02-14 08:47:32.184root 11241100x80000000000000001755057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e517409f9c1bd5db2022-02-14 08:47:32.184root 11241100x80000000000000001755058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddeac35f07333af2022-02-14 08:47:32.184root 11241100x80000000000000001755059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259d7e67572ac1012022-02-14 08:47:32.184root 11241100x80000000000000001755060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7e933ba01fdc342022-02-14 08:47:32.184root 11241100x80000000000000001755061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e05df1087f188d2022-02-14 08:47:32.185root 11241100x80000000000000001755062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc2477b842991872022-02-14 08:47:32.185root 11241100x80000000000000001755063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ef87b6376f34fd2022-02-14 08:47:32.185root 11241100x80000000000000001755064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac7ae983c1d464d2022-02-14 08:47:32.185root 11241100x80000000000000001755065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119a95b1cd84bff72022-02-14 08:47:32.185root 11241100x80000000000000001755066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74aa017c7d42bd772022-02-14 08:47:32.185root 11241100x80000000000000001755067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2422ddfbced86a2022-02-14 08:47:32.185root 11241100x80000000000000001755068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb78d593471f94002022-02-14 08:47:32.186root 11241100x80000000000000001755069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be598ad4f11534252022-02-14 08:47:32.186root 11241100x80000000000000001755070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27925dc049cbf0b52022-02-14 08:47:32.186root 11241100x80000000000000001755071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91fc23d65a201b62022-02-14 08:47:32.186root 11241100x80000000000000001755072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a304c5b8f236b8682022-02-14 08:47:32.186root 11241100x80000000000000001755073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b9c0e0c0b4963d2022-02-14 08:47:32.186root 11241100x80000000000000001755074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae870239a93c67e2022-02-14 08:47:32.186root 11241100x80000000000000001755075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b578b4cb1b8fd812022-02-14 08:47:32.187root 11241100x80000000000000001755076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb54c3503850bda22022-02-14 08:47:32.187root 11241100x80000000000000001755077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad8097ba2dbe6212022-02-14 08:47:32.187root 11241100x80000000000000001755078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d0f7cc03bddd682022-02-14 08:47:32.187root 11241100x80000000000000001755079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bc988f6e8f620e2022-02-14 08:47:32.187root 11241100x80000000000000001755080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374b36ecd02462622022-02-14 08:47:32.187root 11241100x80000000000000001755081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c36dff236a7c712022-02-14 08:47:32.187root 11241100x80000000000000001755082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a16f3e81cdd99e02022-02-14 08:47:32.187root 11241100x80000000000000001755083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50fdb1a85fe56e72022-02-14 08:47:32.187root 11241100x80000000000000001755084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c659537f322bc0d2022-02-14 08:47:32.188root 11241100x80000000000000001755085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05914517d682d0c2022-02-14 08:47:32.188root 11241100x80000000000000001755086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa31e1acac20faf2022-02-14 08:47:32.188root 11241100x80000000000000001755087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaba742fe57c6f22022-02-14 08:47:32.188root 11241100x80000000000000001755088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06822749b4f033da2022-02-14 08:47:32.188root 11241100x80000000000000001755089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0480cf38cda9b8b22022-02-14 08:47:32.188root 11241100x80000000000000001755090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1a4e411c538a2b2022-02-14 08:47:32.188root 11241100x80000000000000001755091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f747af869b776e2a2022-02-14 08:47:32.188root 11241100x80000000000000001755092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae238d723f53ab5d2022-02-14 08:47:32.188root 11241100x80000000000000001755093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53af8393edea6eb82022-02-14 08:47:32.189root 11241100x80000000000000001755094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9741c5c651d4f3352022-02-14 08:47:32.189root 11241100x80000000000000001755095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90ce44e12432b5b2022-02-14 08:47:32.189root 11241100x80000000000000001755096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f62b055cd6620d2022-02-14 08:47:32.189root 11241100x80000000000000001755097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a0aefd05d0835c2022-02-14 08:47:32.189root 11241100x80000000000000001755098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375ab05bc146382b2022-02-14 08:47:32.189root 11241100x80000000000000001755099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201e351510446fb52022-02-14 08:47:32.189root 11241100x80000000000000001755100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd4ee326b5368b92022-02-14 08:47:32.189root 11241100x80000000000000001755101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dca04cf2b044872022-02-14 08:47:32.189root 11241100x80000000000000001755102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7919ce7d6b9672e2022-02-14 08:47:32.190root 11241100x80000000000000001755103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d75f01c3e35de42022-02-14 08:47:32.190root 11241100x80000000000000001755104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfe6b9d71f526882022-02-14 08:47:32.190root 11241100x80000000000000001755105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644693e7a932a52d2022-02-14 08:47:32.190root 11241100x80000000000000001755106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f326a54760be6b72022-02-14 08:47:32.190root 11241100x80000000000000001755107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73da497d32bca21e2022-02-14 08:47:32.190root 11241100x80000000000000001755108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42de341d916af582022-02-14 08:47:32.190root 11241100x80000000000000001755109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1aefb7330afb7f2022-02-14 08:47:32.190root 11241100x80000000000000001755110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd30f04edfc06842022-02-14 08:47:32.190root 11241100x80000000000000001755111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92b39fab67e67152022-02-14 08:47:32.191root 11241100x80000000000000001755112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe997a6fe48239b2022-02-14 08:47:32.191root 11241100x80000000000000001755113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c9de3b2ceae5902022-02-14 08:47:32.191root 11241100x80000000000000001755114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3b952189dace042022-02-14 08:47:32.191root 11241100x80000000000000001755115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76367c321e442cc42022-02-14 08:47:32.191root 11241100x80000000000000001755116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89879ce9e6a1e7112022-02-14 08:47:32.191root 11241100x80000000000000001755117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4ddc8279a21dc22022-02-14 08:47:32.191root 11241100x80000000000000001755118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4266036b28ca5a2022-02-14 08:47:32.191root 11241100x80000000000000001755119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d4c54708893cfb2022-02-14 08:47:32.192root 11241100x80000000000000001755120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a9075336bf31b72022-02-14 08:47:32.192root 11241100x80000000000000001755121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb7f7d8f23287ac2022-02-14 08:47:32.192root 11241100x80000000000000001755122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597cbe34a1fe835a2022-02-14 08:47:32.192root 11241100x80000000000000001755123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3c085f26fde7df2022-02-14 08:47:32.192root 11241100x80000000000000001755124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e21efb704779f5e2022-02-14 08:47:32.192root 11241100x80000000000000001755125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaa06ccc0d0f91d2022-02-14 08:47:32.193root 11241100x80000000000000001755126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3378219c813988d42022-02-14 08:47:32.193root 11241100x80000000000000001755127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547242f43ec771fa2022-02-14 08:47:32.193root 11241100x80000000000000001755128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d12dcbacf127c712022-02-14 08:47:32.193root 11241100x80000000000000001755129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49403381bc6b818e2022-02-14 08:47:32.193root 11241100x80000000000000001755130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184bf7165aa9573e2022-02-14 08:47:32.193root 11241100x80000000000000001755131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0d2d8336f4265e2022-02-14 08:47:32.193root 11241100x80000000000000001755132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c9b856dc6472dd2022-02-14 08:47:32.193root 11241100x80000000000000001755133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe87abf4c298ee292022-02-14 08:47:32.194root 11241100x80000000000000001755134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d7329681a39a582022-02-14 08:47:32.194root 11241100x80000000000000001755135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac5ace9d65f69712022-02-14 08:47:32.194root 11241100x80000000000000001755136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a9fc2fae2c411f2022-02-14 08:47:32.194root 11241100x80000000000000001755137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcc9a56bce6c3da2022-02-14 08:47:32.195root 11241100x80000000000000001755138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bfe766a2345c9f2022-02-14 08:47:32.195root 11241100x80000000000000001755139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98aef9216d1e4302022-02-14 08:47:32.195root 11241100x80000000000000001755140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309a097d4c1305442022-02-14 08:47:32.195root 11241100x80000000000000001755141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2fd7194c40af612022-02-14 08:47:32.195root 11241100x80000000000000001755142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50c473bbb00f8ea2022-02-14 08:47:32.195root 11241100x80000000000000001755143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d835e1a723a32bc2022-02-14 08:47:32.196root 11241100x80000000000000001755144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff69627db4c534e2022-02-14 08:47:32.196root 11241100x80000000000000001755145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e6ae58b9907c3e2022-02-14 08:47:32.196root 11241100x80000000000000001755146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a362e5effd3b38f2022-02-14 08:47:32.196root 11241100x80000000000000001755147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f652448335a48952022-02-14 08:47:32.196root 11241100x80000000000000001755148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52430eaeb4443f72022-02-14 08:47:32.196root 11241100x80000000000000001755149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb47f9ae6e5d269a2022-02-14 08:47:32.196root 11241100x80000000000000001755150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8029474c1c85e0c52022-02-14 08:47:32.196root 11241100x80000000000000001755151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6548c7cff05af9fb2022-02-14 08:47:32.196root 11241100x80000000000000001755152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0fe4712fade41c2022-02-14 08:47:32.197root 11241100x80000000000000001755153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76041f8bb2f4beab2022-02-14 08:47:32.197root 11241100x80000000000000001755154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ceff95f67f233f2022-02-14 08:47:32.197root 11241100x80000000000000001755155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455cf0721d44b5c42022-02-14 08:47:32.197root 11241100x80000000000000001755156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1999315f548f6402022-02-14 08:47:32.197root 11241100x80000000000000001755157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e2ff32f138a8ca2022-02-14 08:47:32.197root 11241100x80000000000000001755158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd61737c3f0603a2022-02-14 08:47:32.197root 11241100x80000000000000001755159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf7cd5839879bfb2022-02-14 08:47:32.198root 11241100x80000000000000001755160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22c25d80d8e0ded2022-02-14 08:47:32.198root 11241100x80000000000000001755161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2fa79e52474b322022-02-14 08:47:32.198root 11241100x80000000000000001755162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae5d21b07a7752d2022-02-14 08:47:32.198root 11241100x80000000000000001755163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681f78685cc8cc2d2022-02-14 08:47:32.198root 11241100x80000000000000001755164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59abd7ebc7f3b0502022-02-14 08:47:32.198root 11241100x80000000000000001755165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ed246fdcfd3fff2022-02-14 08:47:32.198root 11241100x80000000000000001755166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4165b97be3c60732022-02-14 08:47:32.199root 11241100x80000000000000001755167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4975dbeb4660a92022-02-14 08:47:32.199root 11241100x80000000000000001755168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c81a02631eb56742022-02-14 08:47:32.199root 11241100x80000000000000001755169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e6063801bb36422022-02-14 08:47:32.199root 11241100x80000000000000001755170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2fd69a5368ad332022-02-14 08:47:32.199root 11241100x80000000000000001755171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1134b42c6e31412022-02-14 08:47:32.199root 11241100x80000000000000001755172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdb15b274b3c54d2022-02-14 08:47:32.200root 11241100x80000000000000001755173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0d035e100b04a52022-02-14 08:47:32.200root 11241100x80000000000000001755174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9b8bb3c7a7c6ad2022-02-14 08:47:32.200root 11241100x80000000000000001755175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce13ac632dac8592022-02-14 08:47:32.200root 11241100x80000000000000001755176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba95d03c91df43a02022-02-14 08:47:32.200root 11241100x80000000000000001755177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35ddf5759800c642022-02-14 08:47:32.200root 11241100x80000000000000001755178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6172e140ac6ab0802022-02-14 08:47:32.200root 11241100x80000000000000001755179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92994223d79a59142022-02-14 08:47:32.201root 11241100x80000000000000001755180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df1eef6d0bd9d8d2022-02-14 08:47:32.201root 11241100x80000000000000001755181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ae879aefd9ccec2022-02-14 08:47:32.201root 11241100x80000000000000001755182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c594197b98e1ee2022-02-14 08:47:32.201root 11241100x80000000000000001755183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b292ca5a4880c8d52022-02-14 08:47:32.201root 11241100x80000000000000001755184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0995d39a890cab482022-02-14 08:47:32.201root 11241100x80000000000000001755185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55130274434a1dab2022-02-14 08:47:32.201root 11241100x80000000000000001755186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce4ab3d8d2494b52022-02-14 08:47:32.201root 11241100x80000000000000001755187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f29e39ca526e7c2022-02-14 08:47:32.201root 11241100x80000000000000001755188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793b4bb816351ec32022-02-14 08:47:32.201root 11241100x80000000000000001755189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.202{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ab216365494be92022-02-14 08:47:32.202root 11241100x80000000000000001755190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.202{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9237c57de123a62022-02-14 08:47:32.202root 11241100x80000000000000001755191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.202{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a2646bb75bfad92022-02-14 08:47:32.202root 11241100x80000000000000001755192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.202{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c9f56f1eb69e752022-02-14 08:47:32.202root 11241100x80000000000000001755193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.202{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5d528dbebef2832022-02-14 08:47:32.202root 11241100x80000000000000001755194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.202{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af4ffb07635f3722022-02-14 08:47:32.202root 11241100x80000000000000001755195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c15f61768df69f52022-02-14 08:47:32.203root 11241100x80000000000000001755196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67bd7fb2c25ee702022-02-14 08:47:32.203root 11241100x80000000000000001755197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eacc9d0d5c6c2692022-02-14 08:47:32.203root 11241100x80000000000000001755198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edd35dae1b6fe2f2022-02-14 08:47:32.203root 11241100x80000000000000001755199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85ea06287dbfa992022-02-14 08:47:32.203root 11241100x80000000000000001755200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6208d0f7495c6e22022-02-14 08:47:32.203root 11241100x80000000000000001755201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3ea30caad1468a2022-02-14 08:47:32.203root 11241100x80000000000000001755202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eff0d9b583b0f452022-02-14 08:47:32.203root 11241100x80000000000000001755203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9704d189082862d52022-02-14 08:47:32.204root 11241100x80000000000000001755204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222f4325495d1d082022-02-14 08:47:32.204root 11241100x80000000000000001755205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacea9db9978945c2022-02-14 08:47:32.204root 11241100x80000000000000001755206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ce2f551af268892022-02-14 08:47:32.204root 11241100x80000000000000001755207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ed41f9a665b1982022-02-14 08:47:32.204root 11241100x80000000000000001755208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde50803060a74552022-02-14 08:47:32.205root 11241100x80000000000000001755209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e783f106c212c1c2022-02-14 08:47:32.205root 11241100x80000000000000001755210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcf87e75980ab892022-02-14 08:47:32.205root 11241100x80000000000000001755211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc3de050419ad092022-02-14 08:47:32.205root 11241100x80000000000000001755212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cdd3863a66d2812022-02-14 08:47:32.205root 11241100x80000000000000001755213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d56be003e891dec2022-02-14 08:47:32.205root 11241100x80000000000000001755214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f90e68e96a2b532022-02-14 08:47:32.205root 11241100x80000000000000001755215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d436290046606312022-02-14 08:47:32.205root 11241100x80000000000000001755216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84adc67ee7274fdd2022-02-14 08:47:32.206root 11241100x80000000000000001755217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121704e24eea49152022-02-14 08:47:32.206root 11241100x80000000000000001755218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77ec550d82818362022-02-14 08:47:32.206root 11241100x80000000000000001755219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1370eaaa72ad62c72022-02-14 08:47:32.206root 11241100x80000000000000001755220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5d8caaf1f75b0c2022-02-14 08:47:32.206root 11241100x80000000000000001755221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5a5780d92f85262022-02-14 08:47:32.206root 11241100x80000000000000001755222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8611e0861310712022-02-14 08:47:32.206root 11241100x80000000000000001755223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944f4d5c1e6502fa2022-02-14 08:47:32.206root 11241100x80000000000000001755224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cfe1441a2372f32022-02-14 08:47:32.207root 11241100x80000000000000001755225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182c76b7d604ec162022-02-14 08:47:32.207root 11241100x80000000000000001755226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac99f82537512d52022-02-14 08:47:32.207root 11241100x80000000000000001755227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6e7afc6059770a2022-02-14 08:47:32.207root 11241100x80000000000000001755228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba43ac7df9950602022-02-14 08:47:32.207root 11241100x80000000000000001755229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969f4cf276f6363c2022-02-14 08:47:32.207root 11241100x80000000000000001755230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.207{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016a8a4e6540c44e2022-02-14 08:47:32.207root 11241100x80000000000000001755231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632f4ef214a850ce2022-02-14 08:47:32.208root 11241100x80000000000000001755232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84aba4de7892f43a2022-02-14 08:47:32.208root 11241100x80000000000000001755233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494c010ddf84f3cd2022-02-14 08:47:32.208root 11241100x80000000000000001755234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991181a227a9a9492022-02-14 08:47:32.208root 11241100x80000000000000001755235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a350751435477102022-02-14 08:47:32.208root 11241100x80000000000000001755236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529006b6c2e05ff72022-02-14 08:47:32.208root 11241100x80000000000000001755237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12792985b41258912022-02-14 08:47:32.208root 11241100x80000000000000001755238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69be48ad863f80412022-02-14 08:47:32.209root 11241100x80000000000000001755239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb1e1330a047a2d2022-02-14 08:47:32.209root 11241100x80000000000000001755240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b028cab43e28462022-02-14 08:47:32.209root 11241100x80000000000000001755241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff5661a6d5f23842022-02-14 08:47:32.209root 11241100x80000000000000001755242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d980c4ad52391c032022-02-14 08:47:32.209root 11241100x80000000000000001755243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352f2d9802917bd42022-02-14 08:47:32.210root 11241100x80000000000000001755244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d1f62bbac3f3a42022-02-14 08:47:32.210root 11241100x80000000000000001755245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e019c45944a257d2022-02-14 08:47:32.210root 11241100x80000000000000001755246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d12ada8b2c9f9ba2022-02-14 08:47:32.210root 11241100x80000000000000001755247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aaa42711c2109582022-02-14 08:47:32.210root 11241100x80000000000000001755248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c8d708dfded3d82022-02-14 08:47:32.210root 11241100x80000000000000001755249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664d2943fde37d492022-02-14 08:47:32.210root 11241100x80000000000000001755250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6506f0d217f986ba2022-02-14 08:47:32.210root 11241100x80000000000000001755251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2d2319c319ad622022-02-14 08:47:32.210root 11241100x80000000000000001755252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4d6b26c1ce617f2022-02-14 08:47:32.210root 11241100x80000000000000001755253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3144117508de69e2022-02-14 08:47:32.211root 11241100x80000000000000001755254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86380fa405155fa92022-02-14 08:47:32.211root 11241100x80000000000000001755255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3599beca2cd1bcf62022-02-14 08:47:32.211root 11241100x80000000000000001755256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ff3c9abe6df5622022-02-14 08:47:32.211root 11241100x80000000000000001755257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e036e28f82bc2302022-02-14 08:47:32.211root 11241100x80000000000000001755258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47aa12bc280852372022-02-14 08:47:32.211root 11241100x80000000000000001755259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af983c81ed8940c2022-02-14 08:47:32.211root 11241100x80000000000000001755260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71061d349d280d9a2022-02-14 08:47:32.211root 11241100x80000000000000001755261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffcdb42a35f8a372022-02-14 08:47:32.211root 11241100x80000000000000001755262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a956f405e54e682022-02-14 08:47:32.211root 11241100x80000000000000001755263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9e38f75905adf82022-02-14 08:47:32.211root 11241100x80000000000000001755264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a603ba6c111a16ec2022-02-14 08:47:32.211root 11241100x80000000000000001755265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f08d1b71cdd8b8a2022-02-14 08:47:32.212root 11241100x80000000000000001755266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a730cc2f4ceddf52022-02-14 08:47:32.212root 11241100x80000000000000001755267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cc9f6bbef967162022-02-14 08:47:32.212root 11241100x80000000000000001755268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5c9dff9ae6dfbf2022-02-14 08:47:32.212root 11241100x80000000000000001755269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2850f454bd0e2b122022-02-14 08:47:32.212root 11241100x80000000000000001755270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cadb940c98366af2022-02-14 08:47:32.212root 11241100x80000000000000001755271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01126e88c8c706242022-02-14 08:47:32.212root 11241100x80000000000000001755272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc26cf9245862c92022-02-14 08:47:32.212root 11241100x80000000000000001755273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8055d5b72182b32022-02-14 08:47:32.212root 11241100x80000000000000001755274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a51fb86fc35a2eb2022-02-14 08:47:32.212root 534500x80000000000000001755275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.407{ec2ab09f-1724-620a-a036-7b0000000000}2081/usr/bin/python3.6root 534500x80000000000000001755276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.409{ec2ab09f-1724-620a-08be-25d28e550000}2080/usr/bin/sudoroot 534500x80000000000000001755277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.409{ec2ab09f-1723-620a-0000-000000000000}2042-ubuntu 11241100x80000000000000001755278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66634c995b8064d2022-02-14 08:47:32.680root 11241100x80000000000000001755279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bc223280f1808e2022-02-14 08:47:32.680root 11241100x80000000000000001755280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa11026785430502022-02-14 08:47:32.680root 11241100x80000000000000001755281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc22b49e48d71d272022-02-14 08:47:32.680root 11241100x80000000000000001755282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b9e2c196d9b8a92022-02-14 08:47:32.680root 11241100x80000000000000001755283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6a7868f990988d2022-02-14 08:47:32.680root 11241100x80000000000000001755284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7b6763d38bdbef2022-02-14 08:47:32.680root 11241100x80000000000000001755285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3411becbb670281f2022-02-14 08:47:32.681root 11241100x80000000000000001755286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08554a2c091018732022-02-14 08:47:32.681root 11241100x80000000000000001755287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3eb6f2f4ea5e4d2022-02-14 08:47:32.681root 11241100x80000000000000001755288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc0defc573f81a42022-02-14 08:47:32.681root 11241100x80000000000000001755289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18deecb705faf7642022-02-14 08:47:32.681root 11241100x80000000000000001755290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2844dd06985410e92022-02-14 08:47:32.681root 11241100x80000000000000001755291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2ae2a6a16948f72022-02-14 08:47:32.681root 11241100x80000000000000001755292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a24234455fe10482022-02-14 08:47:32.681root 11241100x80000000000000001755293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc83ffb66389cfd2022-02-14 08:47:32.682root 11241100x80000000000000001755294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac48bc0c4b6c9a42022-02-14 08:47:32.682root 11241100x80000000000000001755295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98419c69cff120c12022-02-14 08:47:32.682root 11241100x80000000000000001755296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcdfe3c6b6d6d5b2022-02-14 08:47:32.682root 11241100x80000000000000001755297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc76022085c6f1b02022-02-14 08:47:32.682root 11241100x80000000000000001755298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0e28a80b2c63802022-02-14 08:47:32.682root 11241100x80000000000000001755299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebeb916fd0eb6642022-02-14 08:47:32.682root 11241100x80000000000000001755300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b68269d54c6ce972022-02-14 08:47:32.682root 11241100x80000000000000001755301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c55bf8c5459b03b2022-02-14 08:47:32.682root 11241100x80000000000000001755302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b410ab83fcb3e7582022-02-14 08:47:32.682root 11241100x80000000000000001755303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6302e19f5d1958222022-02-14 08:47:32.682root 11241100x80000000000000001755304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f07118032fee4d2022-02-14 08:47:32.682root 11241100x80000000000000001755305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307fc27ba5a6b8012022-02-14 08:47:32.682root 11241100x80000000000000001755306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9336ebfc68880d2022-02-14 08:47:32.683root 11241100x80000000000000001755307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78a0bfa754741242022-02-14 08:47:32.683root 11241100x80000000000000001755308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c697daebb6a7c72022-02-14 08:47:32.684root 11241100x80000000000000001755309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901aa6c261991ad22022-02-14 08:47:32.685root 11241100x80000000000000001755310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5931c67d34e82fd72022-02-14 08:47:32.685root 11241100x80000000000000001755311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce1992a587fc5562022-02-14 08:47:32.685root 11241100x80000000000000001755312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27bd0a16d3054ef2022-02-14 08:47:32.685root 11241100x80000000000000001755313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e423fd9be5a1523e2022-02-14 08:47:32.685root 11241100x80000000000000001755314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472125b3d00e4fde2022-02-14 08:47:32.685root 11241100x80000000000000001755315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1f4c7e7fa3d6492022-02-14 08:47:32.685root 11241100x80000000000000001755316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55ff3df347cfb8b2022-02-14 08:47:32.685root 11241100x80000000000000001755317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a274a721ef5ad0762022-02-14 08:47:32.685root 11241100x80000000000000001755318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5016ff83cc1037af2022-02-14 08:47:32.685root 11241100x80000000000000001755319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348e2627a0c5c8832022-02-14 08:47:32.685root 11241100x80000000000000001755320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e26e8156473f8f2022-02-14 08:47:32.685root 11241100x80000000000000001755321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4458628f28c82ceb2022-02-14 08:47:32.686root 11241100x80000000000000001755322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f28f91ad31b4fcc2022-02-14 08:47:32.686root 11241100x80000000000000001755323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4daef0ae86ac182022-02-14 08:47:32.686root 11241100x80000000000000001755324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bceb4b69a5d21b72022-02-14 08:47:32.686root 11241100x80000000000000001755325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4334e312da7c23a2022-02-14 08:47:32.686root 11241100x80000000000000001755326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913ca74995cf59192022-02-14 08:47:32.686root 11241100x80000000000000001755327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b1ee283677c5092022-02-14 08:47:32.686root 11241100x80000000000000001755328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ce4eb6bacda4662022-02-14 08:47:32.687root 11241100x80000000000000001755329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff2d04141c4e8842022-02-14 08:47:32.687root 11241100x80000000000000001755330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce6115a31c808542022-02-14 08:47:32.687root 11241100x80000000000000001755331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b668d02cdacbc962022-02-14 08:47:32.687root 11241100x80000000000000001755332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9174fad9c1f4a02022-02-14 08:47:32.687root 11241100x80000000000000001755333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386e9c11d84323b32022-02-14 08:47:32.688root 11241100x80000000000000001755334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e1a2c8a8ba97b22022-02-14 08:47:32.688root 11241100x80000000000000001755335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162d8138c18283232022-02-14 08:47:32.688root 11241100x80000000000000001755336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81535771046d46c42022-02-14 08:47:32.688root 11241100x80000000000000001755337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6af73300f94b23c2022-02-14 08:47:32.688root 11241100x80000000000000001755338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe45ed491d5bd722022-02-14 08:47:32.688root 11241100x80000000000000001755339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62d6cdf605b117b2022-02-14 08:47:32.689root 11241100x80000000000000001755340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacf217c7016acc52022-02-14 08:47:32.689root 11241100x80000000000000001755341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1b48c6fcf8ad742022-02-14 08:47:32.689root 11241100x80000000000000001755342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc513cd9302eef0f2022-02-14 08:47:32.689root 11241100x80000000000000001755343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bfdd55f8d086882022-02-14 08:47:32.689root 11241100x80000000000000001755344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bacb5082792d17c2022-02-14 08:47:32.690root 11241100x80000000000000001755345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8019e493f176dc2022-02-14 08:47:32.690root 11241100x80000000000000001755346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0734dc1ed281b82022-02-14 08:47:32.690root 11241100x80000000000000001755347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896576991f82171c2022-02-14 08:47:32.690root 11241100x80000000000000001755348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013f0c22b98f6ef32022-02-14 08:47:32.690root 11241100x80000000000000001755349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0d5e85dfee36892022-02-14 08:47:32.690root 11241100x80000000000000001755350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94a0594add1be5d2022-02-14 08:47:32.690root 11241100x80000000000000001755351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20eacbab94c1da992022-02-14 08:47:32.691root 11241100x80000000000000001755352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951460f2f8bedc932022-02-14 08:47:32.691root 11241100x80000000000000001755353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cca64df805377f2022-02-14 08:47:32.691root 11241100x80000000000000001755354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347037c7eaeb50742022-02-14 08:47:32.691root 11241100x80000000000000001755355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7eba8200d51d6872022-02-14 08:47:32.691root 11241100x80000000000000001755356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbbb641b9f25fec2022-02-14 08:47:32.691root 11241100x80000000000000001755357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007f0c074a1a569f2022-02-14 08:47:32.691root 11241100x80000000000000001755358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d432fe0e7a37aea82022-02-14 08:47:32.692root 11241100x80000000000000001755359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f83c759ff8410842022-02-14 08:47:32.692root 11241100x80000000000000001755360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6631c0398e85cd2022-02-14 08:47:32.692root 11241100x80000000000000001755361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5671f6ffd3b12f772022-02-14 08:47:32.692root 11241100x80000000000000001755362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b6c702eb7967b52022-02-14 08:47:32.692root 11241100x80000000000000001755363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebca5394ea1f4752022-02-14 08:47:32.693root 11241100x80000000000000001755364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc43bc10aff2fe72022-02-14 08:47:32.693root 11241100x80000000000000001755365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0428f42cb49e49bb2022-02-14 08:47:32.693root 11241100x80000000000000001755366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742be67d1489b0b52022-02-14 08:47:32.693root 11241100x80000000000000001755367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c84e866c6b4e1c2022-02-14 08:47:32.693root 11241100x80000000000000001755368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a2d3c1c629f0e02022-02-14 08:47:32.694root 11241100x80000000000000001755369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791d2881636c39d62022-02-14 08:47:32.694root 11241100x80000000000000001755370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79ef3911f4c13e32022-02-14 08:47:32.694root 11241100x80000000000000001755371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b020868dc51f24c42022-02-14 08:47:32.694root 11241100x80000000000000001755372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ab0fad261e67262022-02-14 08:47:32.694root 11241100x80000000000000001755373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2ce32c6770a0722022-02-14 08:47:32.694root 11241100x80000000000000001755374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.694{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0525ef9e743b2602022-02-14 08:47:32.694root 11241100x80000000000000001755375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8234cca3308c0662022-02-14 08:47:32.695root 11241100x80000000000000001755376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3038bb7b4276cb872022-02-14 08:47:32.696root 11241100x80000000000000001755377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1a30734eeeeb8b2022-02-14 08:47:32.696root 11241100x80000000000000001755378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3e0491f36314e72022-02-14 08:47:32.696root 11241100x80000000000000001755379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8842943be4800c062022-02-14 08:47:32.696root 11241100x80000000000000001755380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cc092c249bf84d2022-02-14 08:47:32.697root 11241100x80000000000000001755381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69dd700261a14bbc2022-02-14 08:47:32.698root 11241100x80000000000000001755382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e258f73e8abb542022-02-14 08:47:32.698root 11241100x80000000000000001755383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902335ea0a4830bd2022-02-14 08:47:32.698root 11241100x80000000000000001755384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6b8c36932697f42022-02-14 08:47:32.698root 11241100x80000000000000001755385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0505c5688dcd392d2022-02-14 08:47:32.698root 11241100x80000000000000001755386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd33e5f8292e8d6b2022-02-14 08:47:32.699root 11241100x80000000000000001755387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276be80f9b9d7ac12022-02-14 08:47:32.699root 11241100x80000000000000001755388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a71d3348bce5a12022-02-14 08:47:32.699root 11241100x80000000000000001755389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aef39a91a77af972022-02-14 08:47:32.699root 11241100x80000000000000001755390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f370238e19c29ba72022-02-14 08:47:32.700root 11241100x80000000000000001755391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb693501f1ef2c0f2022-02-14 08:47:32.700root 11241100x80000000000000001755392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0bd53c8dab4bf32022-02-14 08:47:32.700root 11241100x80000000000000001755393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fefbd3f926b4492022-02-14 08:47:32.700root 11241100x80000000000000001755394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3daa921d6f80b4562022-02-14 08:47:32.701root 11241100x80000000000000001755395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946d38dfdb8aab2d2022-02-14 08:47:32.701root 11241100x80000000000000001755396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22fcf952ac608772022-02-14 08:47:32.701root 11241100x80000000000000001755397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e4cd7749681fa02022-02-14 08:47:32.701root 11241100x80000000000000001755398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292f35c3947f490b2022-02-14 08:47:32.701root 11241100x80000000000000001755399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa8561df925fdce2022-02-14 08:47:32.701root 11241100x80000000000000001755400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b463f09895538c72022-02-14 08:47:32.704root 11241100x80000000000000001755401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3aaad5388bb853d2022-02-14 08:47:32.704root 11241100x80000000000000001755402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0122525bf3bae5062022-02-14 08:47:32.704root 11241100x80000000000000001755403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400358dcc8c02d462022-02-14 08:47:32.705root 11241100x80000000000000001755404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70e2c09299e36932022-02-14 08:47:32.705root 11241100x80000000000000001755405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340272876e9845f42022-02-14 08:47:32.705root 11241100x80000000000000001755406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fd19521c396d7e2022-02-14 08:47:32.705root 11241100x80000000000000001755407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30191b4655695b4f2022-02-14 08:47:32.705root 11241100x80000000000000001755408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572d871da642ca2c2022-02-14 08:47:32.705root 11241100x80000000000000001755409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e31e3972d1ca8c82022-02-14 08:47:32.705root 11241100x80000000000000001755410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb024bf3b35ade632022-02-14 08:47:32.705root 11241100x80000000000000001755411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d844d7da2aa5d22022-02-14 08:47:32.705root 11241100x80000000000000001755412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370ab663d0c8bb4f2022-02-14 08:47:32.705root 11241100x80000000000000001755413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a400005330faa7a2022-02-14 08:47:32.709root 11241100x80000000000000001755414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512fc2f584fd8fb72022-02-14 08:47:32.710root 11241100x80000000000000001755415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f60266c951a4312022-02-14 08:47:32.710root 11241100x80000000000000001755416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd73bd4ce2b45bb2022-02-14 08:47:32.710root 11241100x80000000000000001755417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91632cf0c780d4da2022-02-14 08:47:32.710root 11241100x80000000000000001755418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f456137bd9e51d62022-02-14 08:47:32.710root 11241100x80000000000000001755419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e8595b4b236d592022-02-14 08:47:32.710root 11241100x80000000000000001755420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da046aa47c4cd8ed2022-02-14 08:47:32.710root 11241100x80000000000000001755421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d1a7d5ee95c2f22022-02-14 08:47:32.710root 11241100x80000000000000001755422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.712{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1b40deb82f8be22022-02-14 08:47:32.712root 11241100x80000000000000001755423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.712{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7aadd70766371a2022-02-14 08:47:32.712root 11241100x80000000000000001755424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab85e9d71e7491e32022-02-14 08:47:32.713root 11241100x80000000000000001755425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896efafd27f8c54e2022-02-14 08:47:32.713root 11241100x80000000000000001755426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdd659dd80ab1382022-02-14 08:47:32.713root 11241100x80000000000000001755427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9337ed1568fc82de2022-02-14 08:47:32.713root 11241100x80000000000000001755428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad920d4e1fd4c8a82022-02-14 08:47:32.713root 11241100x80000000000000001755429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f628c330d563fa62022-02-14 08:47:32.713root 11241100x80000000000000001755430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ce2bdc7318a2bd2022-02-14 08:47:32.713root 11241100x80000000000000001755431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6739358d7d0ac42022-02-14 08:47:32.713root 11241100x80000000000000001755432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052c57f36a74d8832022-02-14 08:47:32.713root 11241100x80000000000000001755433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ace7dafd4d5b0e2022-02-14 08:47:32.713root 11241100x80000000000000001755434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34afc56c08a630292022-02-14 08:47:32.713root 11241100x80000000000000001755435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.714{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff47cb026870efa2022-02-14 08:47:32.714root 11241100x80000000000000001755436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.714{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589100cc199f82132022-02-14 08:47:32.714root 11241100x80000000000000001755437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ff5ad716317e292022-02-14 08:47:32.715root 11241100x80000000000000001755438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d83b43ea04965572022-02-14 08:47:32.715root 11241100x80000000000000001755439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf19bc9013495562022-02-14 08:47:32.715root 11241100x80000000000000001755440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da905807517214d2022-02-14 08:47:32.715root 11241100x80000000000000001755441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87fed2db25643b62022-02-14 08:47:32.715root 11241100x80000000000000001755442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6039842a9eb9ebf12022-02-14 08:47:32.715root 11241100x80000000000000001755443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e412c8eb08c971912022-02-14 08:47:32.715root 11241100x80000000000000001755444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1390fe6a57e826142022-02-14 08:47:32.715root 11241100x80000000000000001755445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8f852de285c54e2022-02-14 08:47:32.715root 11241100x80000000000000001755446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8372459b260c50822022-02-14 08:47:32.715root 11241100x80000000000000001755447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d9ec32a788561d2022-02-14 08:47:32.715root 11241100x80000000000000001755448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae89c6bf476b34de2022-02-14 08:47:32.715root 11241100x80000000000000001755449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.716{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a36fc86fb66dc652022-02-14 08:47:32.716root 11241100x80000000000000001755450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.716{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c0bb11fb70c55c2022-02-14 08:47:32.716root 11241100x80000000000000001755451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.717{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6410ca7a57a474152022-02-14 08:47:32.717root 11241100x80000000000000001755452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.717{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c5b35bf41b23742022-02-14 08:47:32.717root 11241100x80000000000000001755453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.717{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b89c27468684ea12022-02-14 08:47:32.717root 11241100x80000000000000001755454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.718{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbee9c144a37eb52022-02-14 08:47:32.718root 11241100x80000000000000001755455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.718{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332a2952b5d383432022-02-14 08:47:32.718root 11241100x80000000000000001755456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.718{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0374006410daab562022-02-14 08:47:32.718root 11241100x80000000000000001755457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.718{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eabd5f948d61762022-02-14 08:47:32.718root 11241100x80000000000000001755458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd52685064c9c7912022-02-14 08:47:32.719root 11241100x80000000000000001755459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3213d9324a72fe2022-02-14 08:47:32.719root 11241100x80000000000000001755460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdaeca3ed4d105802022-02-14 08:47:32.719root 11241100x80000000000000001755461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6267c373232b9b12022-02-14 08:47:32.719root 11241100x80000000000000001755462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc1bc0f797f70b52022-02-14 08:47:32.720root 11241100x80000000000000001755463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e9ba4d6afe3db42022-02-14 08:47:32.720root 11241100x80000000000000001755464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2299c0a674376d1b2022-02-14 08:47:32.720root 11241100x80000000000000001755465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36b11b2aa6dfcf62022-02-14 08:47:32.720root 11241100x80000000000000001755466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2decfe5370fc1f2022-02-14 08:47:32.720root 11241100x80000000000000001755467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fb388bf8f022f82022-02-14 08:47:32.720root 11241100x80000000000000001755468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac57b67452a0161b2022-02-14 08:47:32.720root 11241100x80000000000000001755469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f92de984a46e2eb2022-02-14 08:47:32.721root 11241100x80000000000000001755470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63b12073b51cd1b2022-02-14 08:47:32.721root 11241100x80000000000000001755471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02eba8462ec6f982022-02-14 08:47:32.721root 11241100x80000000000000001755472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68d9d8f267432e92022-02-14 08:47:32.721root 11241100x80000000000000001755473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3e978a35ff67ab2022-02-14 08:47:32.722root 11241100x80000000000000001755474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5558b1a3051b19812022-02-14 08:47:32.722root 11241100x80000000000000001755475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510494592a9cc3ec2022-02-14 08:47:32.723root 11241100x80000000000000001755476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e02d4e37feb70ce2022-02-14 08:47:32.723root 11241100x80000000000000001755477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a8415ad65a57a62022-02-14 08:47:32.723root 11241100x80000000000000001755478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19f7f951e6ac9f22022-02-14 08:47:32.723root 11241100x80000000000000001755479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74c4c860fc961cc2022-02-14 08:47:32.724root 11241100x80000000000000001755480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6392278b4593d92022-02-14 08:47:32.724root 11241100x80000000000000001755481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4323d406d6e2ff2022-02-14 08:47:32.724root 11241100x80000000000000001755482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d4046dfc71f2152022-02-14 08:47:32.724root 11241100x80000000000000001755483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca87ca09448db58b2022-02-14 08:47:32.724root 11241100x80000000000000001755484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cea36ecd339d0e2022-02-14 08:47:32.724root 11241100x80000000000000001755485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380464550e5f91042022-02-14 08:47:32.725root 11241100x80000000000000001755486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e403292125b0e1fc2022-02-14 08:47:32.725root 11241100x80000000000000001755487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f285ed980eb2fef2022-02-14 08:47:32.726root 11241100x80000000000000001755488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26954f5ff989b6dd2022-02-14 08:47:32.726root 11241100x80000000000000001755489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.726{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5a1a884ae0848e2022-02-14 08:47:32.726root 11241100x80000000000000001755490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653d5dc42b91b5902022-02-14 08:47:32.728root 11241100x80000000000000001755491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781e9f21b7ab89fd2022-02-14 08:47:32.728root 11241100x80000000000000001755492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354512a2c7871ae42022-02-14 08:47:32.728root 11241100x80000000000000001755493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e1556365c7b53c2022-02-14 08:47:32.728root 11241100x80000000000000001755494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a213cf6aeeced4372022-02-14 08:47:32.728root 11241100x80000000000000001755495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b70835ced3e30802022-02-14 08:47:32.728root 11241100x80000000000000001755496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1768c8b6c9c646d72022-02-14 08:47:32.729root 11241100x80000000000000001755497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39bf9c687e2827b2022-02-14 08:47:32.729root 11241100x80000000000000001755498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bff1bd903f2abc2022-02-14 08:47:32.729root 11241100x80000000000000001755499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46078604b696fbf72022-02-14 08:47:32.729root 11241100x80000000000000001755500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9480d96c5f98bb2022-02-14 08:47:32.729root 11241100x80000000000000001755501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3abf13a6e0bc04d2022-02-14 08:47:32.729root 11241100x80000000000000001755502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3f921832b4e57c2022-02-14 08:47:32.729root 11241100x80000000000000001755503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd08914e22b31c32022-02-14 08:47:32.730root 11241100x80000000000000001755504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e5bdfbc41add2f2022-02-14 08:47:32.730root 11241100x80000000000000001755505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885ec0bb17efe1472022-02-14 08:47:32.731root 11241100x80000000000000001755506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35f1ee60a38c8ad2022-02-14 08:47:32.731root 11241100x80000000000000001755507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee8f38152bf3f502022-02-14 08:47:32.731root 11241100x80000000000000001755508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81919461d7484ee92022-02-14 08:47:32.731root 11241100x80000000000000001755509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb86ef244893f1c2022-02-14 08:47:32.732root 11241100x80000000000000001755510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b00a332c7fb4de32022-02-14 08:47:32.732root 11241100x80000000000000001755511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed0896e6f8278bb2022-02-14 08:47:32.732root 11241100x80000000000000001755512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8590fc9cfc2b7d62022-02-14 08:47:32.732root 11241100x80000000000000001755513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff9c0ecb3bccd0d2022-02-14 08:47:32.734root 11241100x80000000000000001755514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8f303b84bc0db12022-02-14 08:47:32.734root 11241100x80000000000000001755515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff25c5d53bafc55d2022-02-14 08:47:32.734root 11241100x80000000000000001755516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2375b4d8e0ec0062022-02-14 08:47:32.734root 11241100x80000000000000001755517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3980309b8f568e7e2022-02-14 08:47:32.735root 11241100x80000000000000001755518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37a6995130cd6b12022-02-14 08:47:32.735root 11241100x80000000000000001755519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e47a47317c3565d2022-02-14 08:47:32.735root 11241100x80000000000000001755520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece581890ecd0d202022-02-14 08:47:32.736root 11241100x80000000000000001755521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3448f21419378e2022-02-14 08:47:32.736root 11241100x80000000000000001755522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fdf07da45e61492022-02-14 08:47:32.736root 11241100x80000000000000001755523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b694f1678b1241d92022-02-14 08:47:32.736root 11241100x80000000000000001755524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.737{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ece2913516b211a2022-02-14 08:47:32.737root 11241100x80000000000000001755525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.737{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d603dadd55799612022-02-14 08:47:32.737root 11241100x80000000000000001755526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.737{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90a549af2a41b192022-02-14 08:47:32.737root 11241100x80000000000000001755527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1129981a6070a72022-02-14 08:47:32.738root 11241100x80000000000000001755528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e052dc4426540392022-02-14 08:47:32.738root 11241100x80000000000000001755529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9974c1ddc0b2899f2022-02-14 08:47:32.738root 11241100x80000000000000001755530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.738{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd4324424efbfd12022-02-14 08:47:32.738root 11241100x80000000000000001755531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb85f46d05dfb6d2022-02-14 08:47:32.739root 11241100x80000000000000001755532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d376c51b7ecaba22022-02-14 08:47:32.739root 11241100x80000000000000001755533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.739{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcb1bcd7a439f012022-02-14 08:47:32.739root 11241100x80000000000000001755534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdeb8a3ac238d56e2022-02-14 08:47:32.740root 11241100x80000000000000001755535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85528859f56fe7e2022-02-14 08:47:32.740root 11241100x80000000000000001755536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d721b706db1bd7fd2022-02-14 08:47:32.740root 11241100x80000000000000001755537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdfd12a6c8191bb2022-02-14 08:47:32.740root 11241100x80000000000000001755538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b662e33197b5ec3e2022-02-14 08:47:32.740root 11241100x80000000000000001755539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6aaa601433e5d212022-02-14 08:47:32.740root 11241100x80000000000000001755540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebc45e2b357519e2022-02-14 08:47:32.740root 11241100x80000000000000001755541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9907bf947e9a78a2022-02-14 08:47:32.740root 11241100x80000000000000001755542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db95bba09e79a232022-02-14 08:47:32.740root 11241100x80000000000000001755543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b4690545baffe02022-02-14 08:47:32.740root 11241100x80000000000000001755544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.740{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f6de27449992562022-02-14 08:47:32.740root 11241100x80000000000000001755545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.742{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5606ec76efee99372022-02-14 08:47:32.742root 11241100x80000000000000001755546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.743{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f17ccbc415bf4712022-02-14 08:47:32.743root 11241100x80000000000000001755547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.743{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0682784bd46c05e42022-02-14 08:47:32.743root 11241100x80000000000000001755548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.743{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5a1ced6f848a922022-02-14 08:47:32.743root 11241100x80000000000000001755549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.744{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a801c791c7e48bc42022-02-14 08:47:32.744root 11241100x80000000000000001755550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.744{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a58a83f9df511a12022-02-14 08:47:32.744root 11241100x80000000000000001755551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.744{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4750a38646592f32022-02-14 08:47:32.744root 11241100x80000000000000001755552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ee59cbe18692442022-02-14 08:47:32.745root 11241100x80000000000000001755553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.745{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a47635a87f72862022-02-14 08:47:32.745root 11241100x80000000000000001755554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919bac3de6704fa22022-02-14 08:47:32.746root 11241100x80000000000000001755555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14a08599d2d34da2022-02-14 08:47:32.746root 11241100x80000000000000001755556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.746{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6187853766e6d252022-02-14 08:47:32.746root 11241100x80000000000000001755557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5d1b66f049d2292022-02-14 08:47:32.747root 11241100x80000000000000001755558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f30f1555033da82022-02-14 08:47:32.747root 11241100x80000000000000001755559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7830c5148ccc93912022-02-14 08:47:32.747root 11241100x80000000000000001755560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.747{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aee9f62a502d35a2022-02-14 08:47:32.747root 11241100x80000000000000001755561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21c0c6b3185ecb12022-02-14 08:47:32.748root 11241100x80000000000000001755562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed25e4b7d958e1df2022-02-14 08:47:32.748root 11241100x80000000000000001755563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d108873dd289e52022-02-14 08:47:32.748root 11241100x80000000000000001755564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380587eeeec684b92022-02-14 08:47:32.748root 11241100x80000000000000001755565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.748{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34a5a45706383272022-02-14 08:47:32.748root 11241100x80000000000000001755566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd1942453de66972022-02-14 08:47:32.749root 11241100x80000000000000001755567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9f07c232cc064d2022-02-14 08:47:32.749root 11241100x80000000000000001755568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c179ede882b383ce2022-02-14 08:47:32.749root 11241100x80000000000000001755569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c838be3d888120eb2022-02-14 08:47:32.749root 11241100x80000000000000001755570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.749{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7caf74f8bea8daf2022-02-14 08:47:32.749root 11241100x80000000000000001755571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.753{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bfd4480401db172022-02-14 08:47:32.753root 11241100x80000000000000001755572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.753{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ec9f4492ea7b0a2022-02-14 08:47:32.753root 11241100x80000000000000001755573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.753{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18efb78dcaaeff42022-02-14 08:47:32.753root 11241100x80000000000000001755574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.753{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7181cadb4a53f2822022-02-14 08:47:32.753root 11241100x80000000000000001755575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.754{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb82e5298542d512022-02-14 08:47:32.754root 11241100x80000000000000001755576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.754{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54364edf05ebae542022-02-14 08:47:32.754root 11241100x80000000000000001755577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.755{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca5689ca3daebc62022-02-14 08:47:32.755root 11241100x80000000000000001755578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.755{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114d4ebf28a0e71f2022-02-14 08:47:32.755root 11241100x80000000000000001755579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.755{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9460e1e2ad008852022-02-14 08:47:32.755root 11241100x80000000000000001755580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.755{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787d8473ead5dbef2022-02-14 08:47:32.755root 11241100x80000000000000001755581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.756{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a243314c2203d8692022-02-14 08:47:32.756root 11241100x80000000000000001755582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.756{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698f845d351efda12022-02-14 08:47:32.756root 11241100x80000000000000001755583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.756{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6a45977da8a3602022-02-14 08:47:32.756root 11241100x80000000000000001755584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.757{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d135c4529b10a52022-02-14 08:47:32.757root 11241100x80000000000000001755585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.757{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b76a60df0e67362022-02-14 08:47:32.757root 11241100x80000000000000001755586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.757{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f734157f9c0410f82022-02-14 08:47:32.757root 11241100x80000000000000001755587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.757{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d514bd236fc2d36e2022-02-14 08:47:32.757root 11241100x80000000000000001755588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.757{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bce4f6395885962022-02-14 08:47:32.757root 11241100x80000000000000001755589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.757{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686c05fde0bfb71a2022-02-14 08:47:32.757root 11241100x80000000000000001755590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.762{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57a155ee27c90332022-02-14 08:47:32.762root 11241100x80000000000000001755591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.763{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d340db295e25262022-02-14 08:47:32.763root 11241100x80000000000000001755592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.764{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd581eea49729ec32022-02-14 08:47:32.764root 11241100x80000000000000001755593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.764{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427c630cd21697d12022-02-14 08:47:32.764root 11241100x80000000000000001755594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.764{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0342441a179c3b2022-02-14 08:47:32.764root 11241100x80000000000000001755595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.764{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f00205825e86a42022-02-14 08:47:32.764root 11241100x80000000000000001755596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.764{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5297a6822cd41c02022-02-14 08:47:32.764root 11241100x80000000000000001755597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.764{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076b21cfa18811a12022-02-14 08:47:32.764root 11241100x80000000000000001755598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.765{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19eb5d73d1f579022022-02-14 08:47:32.765root 11241100x80000000000000001755599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.765{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0727da28357722a2022-02-14 08:47:32.765root 11241100x80000000000000001755600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.770{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df89bc73503144d52022-02-14 08:47:32.770root 11241100x80000000000000001755601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.770{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0440febfc0bf413c2022-02-14 08:47:32.770root 11241100x80000000000000001755602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.772{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c536412aaab8b5662022-02-14 08:47:32.772root 11241100x80000000000000001755603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.772{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0d1f54540d83d02022-02-14 08:47:32.772root 11241100x80000000000000001755604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.774{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920cb0fb093fa2e22022-02-14 08:47:32.774root 11241100x80000000000000001755605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.774{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8ebb00783357482022-02-14 08:47:32.774root 11241100x80000000000000001755606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.774{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aefb42c3d94e0ee2022-02-14 08:47:32.774root 11241100x80000000000000001755607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.774{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fd5a147047edb52022-02-14 08:47:32.774root 11241100x80000000000000001755608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.774{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e353e25dae16b62022-02-14 08:47:32.774root 11241100x80000000000000001755609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.774{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ac9ded3ed372842022-02-14 08:47:32.774root 11241100x80000000000000001755610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.774{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30431400713b8442022-02-14 08:47:32.774root 11241100x80000000000000001755611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.774{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3791840f3f1170322022-02-14 08:47:32.774root 11241100x80000000000000001755612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.774{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be90c190429f689e2022-02-14 08:47:32.774root 11241100x80000000000000001755613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.774{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb424f072111f0fd2022-02-14 08:47:32.774root 11241100x80000000000000001755614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.774{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85ac8e57bbee1a02022-02-14 08:47:32.774root 11241100x80000000000000001755615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.775{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3c401df40c75d42022-02-14 08:47:32.775root 11241100x80000000000000001755616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.775{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8fd9fbf564e4602022-02-14 08:47:32.775root 11241100x80000000000000001755617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.775{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd94ea76a9832ed12022-02-14 08:47:32.775root 11241100x80000000000000001755618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.775{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2ac29eb3a400382022-02-14 08:47:32.775root 11241100x80000000000000001755619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.775{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6795fdb61307e5622022-02-14 08:47:32.775root 11241100x80000000000000001755620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.775{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fd62df51c9335a2022-02-14 08:47:32.775root 11241100x80000000000000001755621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.775{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349a324e41350c5f2022-02-14 08:47:32.775root 11241100x80000000000000001755622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.775{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f99d9b09fcd51832022-02-14 08:47:32.775root 11241100x80000000000000001755623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.775{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d0c704c0827e2b2022-02-14 08:47:32.775root 11241100x80000000000000001755624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.775{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65ba96bc323c11e2022-02-14 08:47:32.775root 11241100x80000000000000001755625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.775{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b59da3a2c43d0bb2022-02-14 08:47:32.775root 11241100x80000000000000001755626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.775{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e329db5ab43a442022-02-14 08:47:32.775root 11241100x80000000000000001755627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.775{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de825012184a26ac2022-02-14 08:47:32.775root 11241100x80000000000000001755628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.775{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1332a619a67ca92022-02-14 08:47:32.775root 11241100x80000000000000001755629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.775{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae5c38100f0609a2022-02-14 08:47:32.775root 11241100x80000000000000001755630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.776{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db44c7ebd5ef3dd02022-02-14 08:47:32.776root 11241100x80000000000000001755631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.776{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd1d01a3756fd7a2022-02-14 08:47:32.776root 11241100x80000000000000001755632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.776{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5527c71a6bb729a32022-02-14 08:47:32.776root 11241100x80000000000000001755633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.776{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbfd085d585d2782022-02-14 08:47:32.776root 11241100x80000000000000001755634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.776{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23af31d5377a17a2022-02-14 08:47:32.776root 11241100x80000000000000001755635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.776{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c713d5daf2f8142022-02-14 08:47:32.776root 11241100x80000000000000001755636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.779{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced9b6ac29adb1222022-02-14 08:47:32.779root 11241100x80000000000000001755637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.779{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae591892b51f22492022-02-14 08:47:32.779root 11241100x80000000000000001755638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.779{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139df6a73804472f2022-02-14 08:47:32.779root 11241100x80000000000000001755639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.780{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca87b828983590442022-02-14 08:47:32.780root 11241100x80000000000000001755640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.780{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b4809de205c2042022-02-14 08:47:32.780root 11241100x80000000000000001755641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.780{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35086792278a0792022-02-14 08:47:32.780root 11241100x80000000000000001755642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.780{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f3e8109ede77cb2022-02-14 08:47:32.780root 11241100x80000000000000001755643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.780{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470712f02fc259fe2022-02-14 08:47:32.780root 11241100x80000000000000001755644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.780{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171217f0c0c257052022-02-14 08:47:32.780root 11241100x80000000000000001755645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.780{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba9547021d9dc8f2022-02-14 08:47:32.780root 11241100x80000000000000001755646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.780{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba35b50471a7cc3e2022-02-14 08:47:32.780root 11241100x80000000000000001755647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.780{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb67447c61793d02022-02-14 08:47:32.780root 11241100x80000000000000001755648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.780{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485a4a19da00e1b22022-02-14 08:47:32.780root 11241100x80000000000000001755649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.780{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d9911877be97c22022-02-14 08:47:32.780root 11241100x80000000000000001755650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.781{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3ff0dd35ec9b3c2022-02-14 08:47:32.781root 11241100x80000000000000001755651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.781{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99f530399965b452022-02-14 08:47:32.781root 11241100x80000000000000001755652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.781{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc8956ee8b9d3842022-02-14 08:47:32.781root 11241100x80000000000000001755653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.781{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8aeebd7f5e9ea02022-02-14 08:47:32.781root 11241100x80000000000000001755654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.781{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5937cb0a9d8284f72022-02-14 08:47:32.781root 11241100x80000000000000001755655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.781{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0cb818c93fdfdc2022-02-14 08:47:32.781root 11241100x80000000000000001755656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.781{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ee6b0cdc1374012022-02-14 08:47:32.781root 11241100x80000000000000001755657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.781{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc556fdc2724ab22022-02-14 08:47:32.781root 11241100x80000000000000001755658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.781{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369476a38f619de32022-02-14 08:47:32.781root 11241100x80000000000000001755659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.781{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0474b901549209312022-02-14 08:47:32.781root 11241100x80000000000000001755660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.782{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3a19557950ee6b2022-02-14 08:47:32.782root 11241100x80000000000000001755661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.782{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5801d6b11ea233352022-02-14 08:47:32.782root 11241100x80000000000000001755662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.782{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b05b31e49a64b82022-02-14 08:47:32.782root 11241100x80000000000000001755663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.782{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fe4ba1257b22202022-02-14 08:47:32.782root 11241100x80000000000000001755664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.782{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4aa490469e0d322022-02-14 08:47:32.782root 11241100x80000000000000001755665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.782{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa853a06dbf36bb2022-02-14 08:47:32.782root 11241100x80000000000000001755666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.782{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcef99cb2c0f9fa2022-02-14 08:47:32.782root 11241100x80000000000000001755667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.782{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6583a1ed2040372022-02-14 08:47:32.782root 11241100x80000000000000001755668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.782{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad283125f8d6e9ae2022-02-14 08:47:32.782root 11241100x80000000000000001755669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.782{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4ced232570f5e62022-02-14 08:47:32.782root 11241100x80000000000000001755670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.782{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed42042a4630cd7c2022-02-14 08:47:32.782root 11241100x80000000000000001755671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.784{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3347010ab601562022-02-14 08:47:32.784root 11241100x80000000000000001755672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.784{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cffd7a92dd3b2562022-02-14 08:47:32.784root 11241100x80000000000000001755673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.784{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdca6d86413e9e7d2022-02-14 08:47:32.784root 11241100x80000000000000001755674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.784{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5025b173ca67d0462022-02-14 08:47:32.784root 11241100x80000000000000001755675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.784{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf849f70cdf6b902022-02-14 08:47:32.784root 11241100x80000000000000001755676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.787{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63bf20422b12c9912022-02-14 08:47:32.787root 11241100x80000000000000001755677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.787{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58e8f0f96e1f4242022-02-14 08:47:32.787root 11241100x80000000000000001755678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.787{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0905739bfb345fb22022-02-14 08:47:32.787root 11241100x80000000000000001755679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.787{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b488a2b44d316da92022-02-14 08:47:32.787root 11241100x80000000000000001755680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.787{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47da820991a8dacb2022-02-14 08:47:32.787root 11241100x80000000000000001755681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401f1b9f4e906b322022-02-14 08:47:32.788root 11241100x80000000000000001755682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5613bbd638b7d962022-02-14 08:47:32.788root 11241100x80000000000000001755683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d642130246d03892022-02-14 08:47:32.788root 11241100x80000000000000001755684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c11d02340ddc57b2022-02-14 08:47:32.788root 11241100x80000000000000001755685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbe31aa5d4c7c362022-02-14 08:47:32.788root 11241100x80000000000000001755686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3808af2dc0ab3f42022-02-14 08:47:32.788root 11241100x80000000000000001755687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a39f1f291593072022-02-14 08:47:32.788root 11241100x80000000000000001755688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b977e557ef29ac2022-02-14 08:47:32.788root 11241100x80000000000000001755689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f1abb1cdf29b2b2022-02-14 08:47:32.788root 11241100x80000000000000001755690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bee87ece1a29bb2022-02-14 08:47:32.788root 11241100x80000000000000001755691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.788{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd722fff5c6208382022-02-14 08:47:32.788root 11241100x80000000000000001755692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.789{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d9e8ff701f4f442022-02-14 08:47:32.789root 11241100x80000000000000001755693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.789{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4d213c5b1b5c2f2022-02-14 08:47:32.789root 11241100x80000000000000001755694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.789{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ae2538e0c9ee1f2022-02-14 08:47:32.789root 11241100x80000000000000001755695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.789{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e330faa22654866a2022-02-14 08:47:32.789root 11241100x80000000000000001755696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.789{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd35692a991b27462022-02-14 08:47:32.789root 11241100x80000000000000001755697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.789{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cfae30d59e69442022-02-14 08:47:32.789root 11241100x80000000000000001755698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.789{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9468ff07df652a222022-02-14 08:47:32.789root 11241100x80000000000000001755699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.789{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4200e0e8d7c8db5f2022-02-14 08:47:32.789root 11241100x80000000000000001755700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.789{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a067fdbea3429e782022-02-14 08:47:32.789root 11241100x80000000000000001755701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.789{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb295c29ad9ed8e12022-02-14 08:47:32.789root 11241100x80000000000000001755702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.789{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5e9fd9b4523c7d2022-02-14 08:47:32.789root 11241100x80000000000000001755703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.790{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34f4ea860e94df72022-02-14 08:47:32.790root 11241100x80000000000000001755704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.790{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fd806af8cd1fa62022-02-14 08:47:32.790root 11241100x80000000000000001755705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.790{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90b23055f73283b2022-02-14 08:47:32.790root 11241100x80000000000000001755706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.790{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cf438e5b2f2c1d2022-02-14 08:47:32.790root 11241100x80000000000000001755707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.790{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad824b29d545953f2022-02-14 08:47:32.790root 11241100x80000000000000001755708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.790{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9294be32fefdf1652022-02-14 08:47:32.790root 11241100x80000000000000001755709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.790{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d87dd8f11e350d2022-02-14 08:47:32.790root 11241100x80000000000000001755710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.790{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85d94087fe7c1992022-02-14 08:47:32.790root 11241100x80000000000000001755711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.790{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada71543f386ab022022-02-14 08:47:32.790root 11241100x80000000000000001755712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.790{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3719f4c16b7fa9232022-02-14 08:47:32.790root 11241100x80000000000000001755713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.790{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b484bed622ec4bb2022-02-14 08:47:32.790root 11241100x80000000000000001755714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.791{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11d8f7e534d1ecc2022-02-14 08:47:32.791root 11241100x80000000000000001755715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.791{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1b109d6740ff662022-02-14 08:47:32.791root 11241100x80000000000000001755716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.791{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110c94be0bd7b0c02022-02-14 08:47:32.791root 11241100x80000000000000001755717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.791{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b2b35e7a9a7bdc2022-02-14 08:47:32.791root 11241100x80000000000000001755718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.793{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37dd74e79aa38d62022-02-14 08:47:32.793root 11241100x80000000000000001755719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.793{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc58b13f88998eb2022-02-14 08:47:32.793root 11241100x80000000000000001755720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.794{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d412db363355f2932022-02-14 08:47:32.794root 11241100x80000000000000001755721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.794{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d48335c7a1b241e2022-02-14 08:47:32.794root 11241100x80000000000000001755722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.799{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b4b48719ed09f82022-02-14 08:47:32.799root 11241100x80000000000000001755723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.799{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d615741bbd221f2022-02-14 08:47:32.799root 11241100x80000000000000001755724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.799{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6021b7f812e78c2022-02-14 08:47:32.799root 11241100x80000000000000001755725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.799{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8a6a79bdc1f7512022-02-14 08:47:32.799root 11241100x80000000000000001755726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.799{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acb7601314d26a62022-02-14 08:47:32.799root 11241100x80000000000000001755727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.799{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3f89c3321939532022-02-14 08:47:32.799root 11241100x80000000000000001755728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.799{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a640045ec6335e9f2022-02-14 08:47:32.799root 11241100x80000000000000001755729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8264fc5b531edf62022-02-14 08:47:32.800root 11241100x80000000000000001755730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ffb3f6ef9babdb2022-02-14 08:47:32.800root 11241100x80000000000000001755731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf19614dac733fe2022-02-14 08:47:32.800root 11241100x80000000000000001755732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07af3eb0ece4f88e2022-02-14 08:47:32.800root 11241100x80000000000000001755733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b0c0482729a22c2022-02-14 08:47:32.800root 11241100x80000000000000001755734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78db237c7f87a9472022-02-14 08:47:32.800root 11241100x80000000000000001755735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abffaa8d5676e562022-02-14 08:47:32.800root 11241100x80000000000000001755736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20970403a47da8412022-02-14 08:47:32.800root 11241100x80000000000000001755737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6dfbc75ca86192d2022-02-14 08:47:32.800root 11241100x80000000000000001755738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcc37aa5148cb772022-02-14 08:47:32.800root 11241100x80000000000000001755739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5146476ad8df5d2022-02-14 08:47:32.800root 11241100x80000000000000001755740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.800{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2867c74cf3f4232022-02-14 08:47:32.800root 11241100x80000000000000001755741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7fd08f84af244f2022-02-14 08:47:32.801root 11241100x80000000000000001755742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065fbb8a0cbccd0e2022-02-14 08:47:32.801root 11241100x80000000000000001755743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3f8a87bfbaca252022-02-14 08:47:32.801root 11241100x80000000000000001755744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9fbd46e96e7b322022-02-14 08:47:32.801root 11241100x80000000000000001755745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22950d668d03c47f2022-02-14 08:47:32.801root 11241100x80000000000000001755746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b14f29e90b27c122022-02-14 08:47:32.801root 11241100x80000000000000001755747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14c2cce270cd6d82022-02-14 08:47:32.801root 11241100x80000000000000001755748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339acde257a326482022-02-14 08:47:32.801root 11241100x80000000000000001755749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608f22c2b8abac352022-02-14 08:47:32.801root 11241100x80000000000000001755750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fb1b90d47d53182022-02-14 08:47:32.801root 11241100x80000000000000001755751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5b51aa617541332022-02-14 08:47:32.801root 11241100x80000000000000001755752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bb9f5408b1fcbb2022-02-14 08:47:32.801root 11241100x80000000000000001755753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada705607d885f0d2022-02-14 08:47:32.801root 11241100x80000000000000001755754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.801{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64ebfb1cc9859112022-02-14 08:47:32.801root 11241100x80000000000000001755755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2649977a0e8c8cd22022-02-14 08:47:32.802root 11241100x80000000000000001755756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3201996101cd002022-02-14 08:47:32.802root 11241100x80000000000000001755757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0a8e24c77b8e272022-02-14 08:47:32.802root 11241100x80000000000000001755758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be90529f19e0f6e82022-02-14 08:47:32.802root 11241100x80000000000000001755759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4dd32a485b0d982022-02-14 08:47:32.802root 11241100x80000000000000001755760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52a0fe87ce541872022-02-14 08:47:32.802root 11241100x80000000000000001755761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9df49149eaf59542022-02-14 08:47:32.802root 11241100x80000000000000001755762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1619712b217d5ec02022-02-14 08:47:32.802root 11241100x80000000000000001755763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b303dc0c3a0cda72022-02-14 08:47:32.802root 11241100x80000000000000001755764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752ff3052a8a0e0c2022-02-14 08:47:32.802root 11241100x80000000000000001755765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4a59bbcd9a17fc2022-02-14 08:47:32.802root 11241100x80000000000000001755766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.802{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06491204ec5ae82f2022-02-14 08:47:32.802root 11241100x80000000000000001755767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab33cca6ff2cd9392022-02-14 08:47:32.803root 11241100x80000000000000001755768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024416fd34ee9f332022-02-14 08:47:32.803root 11241100x80000000000000001755769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46d129525d2c3332022-02-14 08:47:32.803root 11241100x80000000000000001755770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bf68cb64bd9c892022-02-14 08:47:32.803root 11241100x80000000000000001755771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774b8232d6a36af32022-02-14 08:47:32.803root 11241100x80000000000000001755772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423420524b37857f2022-02-14 08:47:32.803root 11241100x80000000000000001755773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cb00ee864f8d892022-02-14 08:47:32.803root 11241100x80000000000000001755774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402e8e94304b9a5b2022-02-14 08:47:32.803root 11241100x80000000000000001755775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab90936a44ec5e572022-02-14 08:47:32.803root 11241100x80000000000000001755776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86290d1e53b6f82f2022-02-14 08:47:32.803root 11241100x80000000000000001755777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1d336c4392ad102022-02-14 08:47:32.803root 11241100x80000000000000001755778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.803{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51116165ea39a0e32022-02-14 08:47:32.803root 11241100x80000000000000001755779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32aac25cb2032c2c2022-02-14 08:47:32.808root 11241100x80000000000000001755780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e2f180950b89582022-02-14 08:47:32.808root 11241100x80000000000000001755781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d8666096420b322022-02-14 08:47:32.808root 11241100x80000000000000001755782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73f222e4c14db4f2022-02-14 08:47:32.808root 11241100x80000000000000001755783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d55ccc29df9fa42022-02-14 08:47:32.808root 11241100x80000000000000001755784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4116292b288d6acf2022-02-14 08:47:32.808root 11241100x80000000000000001755785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.808{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b774ec75bac9e3372022-02-14 08:47:32.808root 11241100x80000000000000001755786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970df099aa7ca38c2022-02-14 08:47:32.809root 11241100x80000000000000001755787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28e6272a72552652022-02-14 08:47:32.809root 11241100x80000000000000001755788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2daf05335f1e062022-02-14 08:47:32.809root 11241100x80000000000000001755789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9605ee227957f9852022-02-14 08:47:32.809root 11241100x80000000000000001755790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d954ef8174c8cf052022-02-14 08:47:32.809root 11241100x80000000000000001755791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b332fa6122fc84ed2022-02-14 08:47:32.809root 11241100x80000000000000001755792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122235c8e253abb32022-02-14 08:47:32.809root 11241100x80000000000000001755793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0c1cf0ce28ba842022-02-14 08:47:32.809root 11241100x80000000000000001755794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.809{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4080727539a2132022-02-14 08:47:32.809root 11241100x80000000000000001755795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c9b3dbe6fc98832022-02-14 08:47:32.811root 11241100x80000000000000001755796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7e62dc8a0621982022-02-14 08:47:32.811root 11241100x80000000000000001755797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b400f9f060a799612022-02-14 08:47:32.811root 11241100x80000000000000001755798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eebb22d8c49336d2022-02-14 08:47:32.811root 11241100x80000000000000001755799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce4d097eb0d1c5c2022-02-14 08:47:32.811root 11241100x80000000000000001755800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4afcb3179b0c33b2022-02-14 08:47:32.811root 11241100x80000000000000001755801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79eeca8fc18f0b82022-02-14 08:47:32.811root 11241100x80000000000000001755802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c97bc1b3c3bd702022-02-14 08:47:32.811root 11241100x80000000000000001755803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fe135b359d0a6f2022-02-14 08:47:32.811root 11241100x80000000000000001755804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.811{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b9266eb2f1181f2022-02-14 08:47:32.811root 11241100x80000000000000001755805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fff0a0146573142022-02-14 08:47:32.812root 11241100x80000000000000001755806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e93e5251d8d74e32022-02-14 08:47:32.812root 11241100x80000000000000001755807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7ceb58e6f79c252022-02-14 08:47:32.812root 11241100x80000000000000001755808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06c02cfe5404b392022-02-14 08:47:32.812root 11241100x80000000000000001755809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2a40c5d5db00912022-02-14 08:47:32.812root 11241100x80000000000000001755810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dd8e7a990865162022-02-14 08:47:32.812root 11241100x80000000000000001755811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0f176af67c0e0d2022-02-14 08:47:32.812root 11241100x80000000000000001755812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2568f1049c16b12022-02-14 08:47:32.812root 11241100x80000000000000001755813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1b344f9eda55182022-02-14 08:47:32.812root 11241100x80000000000000001755814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.812{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfb11ec92b391f32022-02-14 08:47:32.812root 11241100x80000000000000001755815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88da2833604dcc3d2022-02-14 08:47:32.813root 11241100x80000000000000001755816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e7ae65d09e26542022-02-14 08:47:32.813root 11241100x80000000000000001755817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce5ab987b9222422022-02-14 08:47:32.813root 11241100x80000000000000001755818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e4cfe381332b972022-02-14 08:47:32.813root 11241100x80000000000000001755819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecdc87612d573052022-02-14 08:47:32.813root 11241100x80000000000000001755820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6454f115a29e9c6c2022-02-14 08:47:32.813root 11241100x80000000000000001755821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857b9f4a1aea63632022-02-14 08:47:32.813root 11241100x80000000000000001755822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fe5c8fc9514ade2022-02-14 08:47:32.813root 11241100x80000000000000001755823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e20f7451336effc2022-02-14 08:47:32.813root 11241100x80000000000000001755824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.813{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b4202273e9ba6f2022-02-14 08:47:32.813root 11241100x80000000000000001755825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19759eaa856a93c62022-02-14 08:47:32.814root 11241100x80000000000000001755826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032ccef1183ffc432022-02-14 08:47:32.814root 11241100x80000000000000001755827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca60e22760e1dea2022-02-14 08:47:32.814root 11241100x80000000000000001755828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.814{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1a83eb384c402d2022-02-14 08:47:32.814root 11241100x80000000000000001755829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98774b45cd55e5352022-02-14 08:47:32.815root 11241100x80000000000000001755830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c4ba8a1e0b25242022-02-14 08:47:32.815root 11241100x80000000000000001755831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351f8f9d52f7f2522022-02-14 08:47:32.815root 11241100x80000000000000001755832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbd9befcf60e6c42022-02-14 08:47:32.815root 11241100x80000000000000001755833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3008d4115d6cfe542022-02-14 08:47:32.815root 11241100x80000000000000001755834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f8bff955a897712022-02-14 08:47:32.815root 11241100x80000000000000001755835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0032c2e82ed10b2022-02-14 08:47:32.815root 11241100x80000000000000001755836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.815{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c2b9be734a48c82022-02-14 08:47:32.815root 11241100x80000000000000001755837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5eb87fc817d7472022-02-14 08:47:32.816root 11241100x80000000000000001755838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97bb2bbb39d45d02022-02-14 08:47:32.816root 11241100x80000000000000001755839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d0298d5f5c1b392022-02-14 08:47:32.816root 11241100x80000000000000001755840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609caa2bfc9a04e52022-02-14 08:47:32.816root 11241100x80000000000000001755841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8e27bb7d92381d2022-02-14 08:47:32.816root 11241100x80000000000000001755842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6dc761495231082022-02-14 08:47:32.816root 11241100x80000000000000001755843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce04f5f63997cab2022-02-14 08:47:32.816root 11241100x80000000000000001755844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.816{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16feaacc4222c3e02022-02-14 08:47:32.816root 11241100x80000000000000001755845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2f0f2bd64836182022-02-14 08:47:32.817root 11241100x80000000000000001755846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851c06f1dbf25d802022-02-14 08:47:32.817root 11241100x80000000000000001755847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58415ad379b770b62022-02-14 08:47:32.817root 11241100x80000000000000001755848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f870db377e70e662022-02-14 08:47:32.817root 11241100x80000000000000001755849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b6e4640c46366c2022-02-14 08:47:32.817root 11241100x80000000000000001755850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798397d052fefff32022-02-14 08:47:32.817root 11241100x80000000000000001755851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.817{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f837f58f2db706192022-02-14 08:47:32.817root 11241100x80000000000000001755852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eef7224247c1ce82022-02-14 08:47:32.818root 11241100x80000000000000001755853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50e847abbf5413b2022-02-14 08:47:32.818root 11241100x80000000000000001755854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbc5b724697bcae2022-02-14 08:47:32.818root 11241100x80000000000000001755855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5475bf62626d8572022-02-14 08:47:32.818root 11241100x80000000000000001755856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40059c4574e0a4fc2022-02-14 08:47:32.818root 11241100x80000000000000001755857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32db10bfead0beab2022-02-14 08:47:32.818root 11241100x80000000000000001755858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b660c3e89f689442022-02-14 08:47:32.818root 11241100x80000000000000001755859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.818{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a22ff1de8a8a7b52022-02-14 08:47:32.818root 11241100x80000000000000001755860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.819{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9560ccabd8eb8ad32022-02-14 08:47:32.819root 11241100x80000000000000001755861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.819{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa0a5fcdd9d784d2022-02-14 08:47:32.819root 11241100x80000000000000001755862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.819{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8028526b80ee40f2022-02-14 08:47:32.819root 11241100x80000000000000001755863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.819{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7de173dbb726992022-02-14 08:47:32.819root 11241100x80000000000000001755864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.819{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bea71fdf44799e62022-02-14 08:47:32.819root 11241100x80000000000000001755865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.819{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410a8e2ba3f32db32022-02-14 08:47:32.819root 11241100x80000000000000001755866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.819{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19465cdd55f7fc12022-02-14 08:47:32.819root 11241100x80000000000000001755867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.819{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57af23cd270baafc2022-02-14 08:47:32.819root 11241100x80000000000000001755868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.820{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc80f57c77121eb2022-02-14 08:47:32.820root 11241100x80000000000000001755869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.820{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5a976aa435e42b2022-02-14 08:47:32.820root 11241100x80000000000000001755870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.820{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b8250a6c7a4d2d2022-02-14 08:47:32.820root 11241100x80000000000000001755871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.820{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9842a944131397642022-02-14 08:47:32.820root 11241100x80000000000000001755872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.820{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1384e72c9ea267ae2022-02-14 08:47:32.820root 11241100x80000000000000001755873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.820{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729bec314695b7ab2022-02-14 08:47:32.820root 11241100x80000000000000001755874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.820{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa6ccc8038066572022-02-14 08:47:32.820root 11241100x80000000000000001755875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.820{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c5409ce64848882022-02-14 08:47:32.820root 11241100x80000000000000001755876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.821{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f66c9745d05c9aa2022-02-14 08:47:32.821root 11241100x80000000000000001755877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.821{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1f969a217699d72022-02-14 08:47:32.821root 11241100x80000000000000001755878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.821{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf8c8026d85489f2022-02-14 08:47:32.821root 11241100x80000000000000001755879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.822{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2731be6721a8b8c2022-02-14 08:47:32.822root 11241100x80000000000000001755880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.822{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1855f5e4224863a52022-02-14 08:47:32.822root 11241100x80000000000000001755881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.822{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add1695fb3e12e132022-02-14 08:47:32.822root 11241100x80000000000000001755882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.822{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8dc8657e4176c12022-02-14 08:47:32.822root 11241100x80000000000000001755883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.822{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f464e78941edd22022-02-14 08:47:32.822root 11241100x80000000000000001755884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.822{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4137ea27eb26462022-02-14 08:47:32.822root 11241100x80000000000000001755885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.823{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0077cff2c612c1572022-02-14 08:47:32.823root 11241100x80000000000000001755886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.823{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7150e633c4101cf92022-02-14 08:47:32.823root 11241100x80000000000000001755887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.823{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f24d25edaad52d2022-02-14 08:47:32.823root 11241100x80000000000000001755888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.823{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54622dd4b05212622022-02-14 08:47:32.823root 11241100x80000000000000001755889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.823{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfca6fa33916b43e2022-02-14 08:47:32.823root 11241100x80000000000000001755890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.823{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d89d665ae9c0662022-02-14 08:47:32.823root 11241100x80000000000000001755891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.824{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c183b617c6be4592022-02-14 08:47:32.824root 11241100x80000000000000001755892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.824{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee11f949ebc11ba2022-02-14 08:47:32.824root 11241100x80000000000000001755893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.824{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c399feda7e6d5da2022-02-14 08:47:32.824root 11241100x80000000000000001755894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.824{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e0b4a89bbe6dcd2022-02-14 08:47:32.824root 11241100x80000000000000001755895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.824{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d561db4354ff16642022-02-14 08:47:32.824root 11241100x80000000000000001755896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.824{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34a86fa72ee8fbe2022-02-14 08:47:32.824root 11241100x80000000000000001755897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.824{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3afd74d3357e732022-02-14 08:47:32.824root 11241100x80000000000000001755898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.825{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40659c775b18ff3c2022-02-14 08:47:32.825root 11241100x80000000000000001755899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.825{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fab50386cbb96e2022-02-14 08:47:32.825root 11241100x80000000000000001755900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.825{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acfb0fd4560b47f2022-02-14 08:47:32.825root 11241100x80000000000000001755901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.825{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b2f95119e9ee422022-02-14 08:47:32.825root 11241100x80000000000000001755902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.825{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07469fd14f27ef982022-02-14 08:47:32.825root 11241100x80000000000000001755903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.825{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2070e1f3e64c27a2022-02-14 08:47:32.825root 11241100x80000000000000001755904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.828{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23209f342214d912022-02-14 08:47:32.828root 11241100x80000000000000001755905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.828{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcb23b1f99d5a3f2022-02-14 08:47:32.828root 11241100x80000000000000001755906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.828{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5efd3fe3353a3112022-02-14 08:47:32.828root 11241100x80000000000000001755907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.828{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c25fe7ee210a3032022-02-14 08:47:32.828root 11241100x80000000000000001755908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.828{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3219aa00f3ed1d572022-02-14 08:47:32.828root 11241100x80000000000000001755909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.829{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c64f8946ad880aa2022-02-14 08:47:32.829root 11241100x80000000000000001755910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.829{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616b20193bfd33d42022-02-14 08:47:32.829root 11241100x80000000000000001755911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.829{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d966d1b7c790161c2022-02-14 08:47:32.829root 11241100x80000000000000001755912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.829{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81ae971a7d2203f2022-02-14 08:47:32.829root 11241100x80000000000000001755913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.829{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10da6971fdb449722022-02-14 08:47:32.829root 11241100x80000000000000001755914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.829{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954a26dc8159f1152022-02-14 08:47:32.829root 11241100x80000000000000001755915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.829{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bab2538482576db2022-02-14 08:47:32.829root 11241100x80000000000000001755916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.829{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b62442bb42a8ac2022-02-14 08:47:32.829root 11241100x80000000000000001755917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.830{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587bc82ea2914bfc2022-02-14 08:47:32.830root 11241100x80000000000000001755918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.830{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20aedd929d35efc82022-02-14 08:47:32.830root 11241100x80000000000000001755919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.830{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c3976e7bfdf5e12022-02-14 08:47:32.830root 11241100x80000000000000001755920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.830{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb2408a650fa8b62022-02-14 08:47:32.830root 11241100x80000000000000001755921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.830{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c4fca2577bf2602022-02-14 08:47:32.830root 11241100x80000000000000001755922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.830{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657719bd973b4a972022-02-14 08:47:32.830root 11241100x80000000000000001755923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.830{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44732578a45ed9152022-02-14 08:47:32.830root 11241100x80000000000000001755924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.831{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751b49bae14651b62022-02-14 08:47:32.831root 11241100x80000000000000001755925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.831{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2d95da11b4e1052022-02-14 08:47:32.831root 11241100x80000000000000001755926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.831{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6aa5da92e0d1cb2022-02-14 08:47:32.831root 11241100x80000000000000001755927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.831{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8616ffd4109844b2022-02-14 08:47:32.831root 11241100x80000000000000001755928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.831{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92aac22bfb1722fc2022-02-14 08:47:32.831root 11241100x80000000000000001755929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.831{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34777283bdac01e82022-02-14 08:47:32.831root 11241100x80000000000000001755930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.831{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcaf8cc7164921822022-02-14 08:47:32.831root 11241100x80000000000000001755931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.832{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fae289e8e8504d2022-02-14 08:47:32.832root 11241100x80000000000000001755932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.832{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a1c7a4ff154f442022-02-14 08:47:32.832root 11241100x80000000000000001755933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.832{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65e8e61c22b0b192022-02-14 08:47:32.832root 11241100x80000000000000001755934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.832{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92307a89fa4490af2022-02-14 08:47:32.832root 11241100x80000000000000001755935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.832{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be513cdfd1e48162022-02-14 08:47:32.832root 11241100x80000000000000001755936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.832{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bc5ae32d4c7a1c2022-02-14 08:47:32.832root 11241100x80000000000000001755937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.832{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e028e5d1c27fb4c12022-02-14 08:47:32.832root 11241100x80000000000000001755938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.832{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a73619fe1065192022-02-14 08:47:32.832root 11241100x80000000000000001755939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.832{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea7a9695a0c59ec2022-02-14 08:47:32.832root 11241100x80000000000000001755940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.832{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4365111eb0368b12022-02-14 08:47:32.832root 11241100x80000000000000001755941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.833{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16caf11a1539e8c72022-02-14 08:47:32.833root 11241100x80000000000000001755942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.833{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ec6c64f85446fb2022-02-14 08:47:32.833root 11241100x80000000000000001755943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.833{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab57d0de8b0ec5672022-02-14 08:47:32.833root 11241100x80000000000000001755944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.833{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1459897198c851b22022-02-14 08:47:32.833root 11241100x80000000000000001755945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.833{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a2dd49c67c05342022-02-14 08:47:32.833root 11241100x80000000000000001755946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.833{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2110ef7e73587b422022-02-14 08:47:32.833root 11241100x80000000000000001755947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.833{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45c59d81eab77322022-02-14 08:47:32.833root 11241100x80000000000000001755948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.833{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326d47a41511f5e32022-02-14 08:47:32.833root 11241100x80000000000000001755949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.833{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8dd0e64ff1ec182022-02-14 08:47:32.833root 11241100x80000000000000001755950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.833{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a255c69b161736d62022-02-14 08:47:32.833root 11241100x80000000000000001755951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.833{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81e4cd8327b0b3e2022-02-14 08:47:32.833root 11241100x80000000000000001755952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.833{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2c6c1a7575a36f2022-02-14 08:47:32.833root 11241100x80000000000000001755953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.833{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefb5814071cb13d2022-02-14 08:47:32.833root 11241100x80000000000000001755954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.833{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffb19747bcf94c72022-02-14 08:47:32.833root 11241100x80000000000000001755955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.834{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cbc8616eb0b1002022-02-14 08:47:32.834root 11241100x80000000000000001755956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.834{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de41c89e72b64ec2022-02-14 08:47:32.834root 11241100x80000000000000001755957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.834{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d01e3dba8df697b2022-02-14 08:47:32.834root 11241100x80000000000000001755958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.834{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0b74b64ab00ac72022-02-14 08:47:32.834root 11241100x80000000000000001755959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.834{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1cf828f46dc1a02022-02-14 08:47:32.834root 11241100x80000000000000001755960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.834{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d027f687b326c22022-02-14 08:47:32.834root 11241100x80000000000000001755961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.834{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1603beb62aed56082022-02-14 08:47:32.834root 11241100x80000000000000001755962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf33f41d6a5034b2022-02-14 08:47:32.835root 11241100x80000000000000001755963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3e7e28231c03ec2022-02-14 08:47:32.835root 11241100x80000000000000001755964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f8a6da8dd98caf2022-02-14 08:47:32.835root 11241100x80000000000000001755965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bc0cd1181163082022-02-14 08:47:32.835root 11241100x80000000000000001755966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a21659eaaac5972022-02-14 08:47:32.835root 11241100x80000000000000001755967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e337f4433b200e02022-02-14 08:47:32.835root 11241100x80000000000000001755968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232bc78181632d942022-02-14 08:47:32.835root 11241100x80000000000000001755969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18924f92cbb928372022-02-14 08:47:32.835root 11241100x80000000000000001755970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8501a432b0cf77122022-02-14 08:47:32.835root 11241100x80000000000000001755971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.835{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f42f14f5e6057e2022-02-14 08:47:32.835root 11241100x80000000000000001755972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.838{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edeba17ea33572dc2022-02-14 08:47:32.838root 11241100x80000000000000001755973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.838{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565fc3ea208a84442022-02-14 08:47:32.838root 11241100x80000000000000001755974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.838{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f6d080b22934dc2022-02-14 08:47:32.838root 11241100x80000000000000001755975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.838{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98795d7a7a4b826e2022-02-14 08:47:32.838root 11241100x80000000000000001755976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7879537d6c06c8562022-02-14 08:47:32.840root 11241100x80000000000000001755977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457e210bb7016a792022-02-14 08:47:32.840root 11241100x80000000000000001755978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48491c05f1af45db2022-02-14 08:47:32.840root 11241100x80000000000000001755979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59a81290d41b2d12022-02-14 08:47:32.840root 11241100x80000000000000001755980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.842{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448861bcfcd0bc842022-02-14 08:47:32.842root 11241100x80000000000000001755981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.843{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3500447a60c9b32022-02-14 08:47:32.843root 11241100x80000000000000001755982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.843{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd1ed8ca974f82e2022-02-14 08:47:32.843root 11241100x80000000000000001755983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.843{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52985bb7073c400f2022-02-14 08:47:32.843root 11241100x80000000000000001755984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.843{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72db61a555be189c2022-02-14 08:47:32.843root 11241100x80000000000000001755985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.843{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd88957c2229647b2022-02-14 08:47:32.843root 11241100x80000000000000001755986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.844{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4314fa1d11078712022-02-14 08:47:32.844root 11241100x80000000000000001755987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.844{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2a3a5d43826f8d2022-02-14 08:47:32.844root 11241100x80000000000000001755988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.844{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94874e49d80a909e2022-02-14 08:47:32.844root 11241100x80000000000000001755989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.844{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b952c74d036bdfc2022-02-14 08:47:32.844root 11241100x80000000000000001755990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.845{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b5d63ff30d998c2022-02-14 08:47:32.845root 11241100x80000000000000001755991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.845{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd3139e0bfceef52022-02-14 08:47:32.845root 11241100x80000000000000001755992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.845{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e59c27ac39909c2022-02-14 08:47:32.845root 11241100x80000000000000001755993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.845{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77dcb954ed8d9732022-02-14 08:47:32.845root 11241100x80000000000000001755994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.846{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1757d4e96fae22c62022-02-14 08:47:32.846root 11241100x80000000000000001755995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.846{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb1c47f4eaf7f142022-02-14 08:47:32.846root 11241100x80000000000000001755996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.846{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5386724c01a733b32022-02-14 08:47:32.846root 11241100x80000000000000001755997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.846{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d9fc812caec2672022-02-14 08:47:32.846root 11241100x80000000000000001755998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.847{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc07f5f09ccf9d1b2022-02-14 08:47:32.847root 11241100x80000000000000001755999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.847{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f16d68569780a332022-02-14 08:47:32.847root 11241100x80000000000000001756000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.847{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ff1f6fbda6d4362022-02-14 08:47:32.847root 11241100x80000000000000001756001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.847{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fed1e1b3602c2422022-02-14 08:47:32.847root 11241100x80000000000000001756002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.847{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a158838cd7e631e2022-02-14 08:47:32.847root 11241100x80000000000000001756003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.847{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1088014b4809fdb52022-02-14 08:47:32.847root 11241100x80000000000000001756004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.847{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f694e531cb188d2022-02-14 08:47:32.847root 11241100x80000000000000001756005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.847{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a990768d4b2a562022-02-14 08:47:32.847root 11241100x80000000000000001756006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.847{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9116ab64ad7b96b2022-02-14 08:47:32.847root 11241100x80000000000000001756007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.848{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ba25a8b6eb74392022-02-14 08:47:32.848root 11241100x80000000000000001756008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.848{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65767296e954e1c2022-02-14 08:47:32.848root 11241100x80000000000000001756009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.848{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92655a3a237007a42022-02-14 08:47:32.848root 11241100x80000000000000001756010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.848{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788faf4f5c172c992022-02-14 08:47:32.848root 11241100x80000000000000001756011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.848{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343bd5b67fb555cc2022-02-14 08:47:32.848root 11241100x80000000000000001756012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.848{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502df4632f8be08d2022-02-14 08:47:32.848root 11241100x80000000000000001756013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.848{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bd1f858a0d8e132022-02-14 08:47:32.848root 11241100x80000000000000001756014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.848{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dae6a136b28f8882022-02-14 08:47:32.848root 11241100x80000000000000001756015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.849{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75785eeaad3af48b2022-02-14 08:47:32.849root 11241100x80000000000000001756016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.849{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ef8720a3f911812022-02-14 08:47:32.849root 11241100x80000000000000001756017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.849{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4a06bed0496fb62022-02-14 08:47:32.849root 11241100x80000000000000001756018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.849{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb03520a7c54962f2022-02-14 08:47:32.849root 11241100x80000000000000001756019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.849{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1667db5ef87839a22022-02-14 08:47:32.849root 11241100x80000000000000001756020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.849{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6166036d226fc51e2022-02-14 08:47:32.849root 11241100x80000000000000001756021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d048f578d34a211a2022-02-14 08:47:32.850root 11241100x80000000000000001756022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89222d9afccc17642022-02-14 08:47:32.850root 11241100x80000000000000001756023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba5c60fb711b4062022-02-14 08:47:32.850root 11241100x80000000000000001756024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e12138d17a9cc62022-02-14 08:47:32.850root 11241100x80000000000000001756025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9d4dea28f487dd2022-02-14 08:47:32.850root 11241100x80000000000000001756026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d950c6da0d1d7e6a2022-02-14 08:47:32.850root 11241100x80000000000000001756027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f55385b157473e2022-02-14 08:47:32.850root 11241100x80000000000000001756028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.850{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76acf8b4914f8d022022-02-14 08:47:32.850root 11241100x80000000000000001756029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.851{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84a49f8f20725202022-02-14 08:47:32.851root 11241100x80000000000000001756030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.851{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ec81bad7fae4d12022-02-14 08:47:32.851root 11241100x80000000000000001756031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.851{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91a777d435e1e192022-02-14 08:47:32.851root 11241100x80000000000000001756032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.851{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf234625c99bfb5d2022-02-14 08:47:32.851root 11241100x80000000000000001756033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.851{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af285dab20664552022-02-14 08:47:32.851root 11241100x80000000000000001756034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.851{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ece737e75ab6692022-02-14 08:47:32.851root 11241100x80000000000000001756035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.851{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edc2f1329cf9a0f2022-02-14 08:47:32.851root 11241100x80000000000000001756036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.851{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e423cd640859d15d2022-02-14 08:47:32.851root 11241100x80000000000000001756037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.851{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b74f195dabc2252022-02-14 08:47:32.851root 11241100x80000000000000001756038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.852{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ca4135c22d61a22022-02-14 08:47:32.852root 11241100x80000000000000001756039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.852{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888ae25dca7b22ec2022-02-14 08:47:32.852root 11241100x80000000000000001756040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.852{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd7cc5aec7c68af2022-02-14 08:47:32.852root 11241100x80000000000000001756041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.852{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1d8ed6843012022022-02-14 08:47:32.852root 11241100x80000000000000001756042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.852{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770520bd1b8eeb9d2022-02-14 08:47:32.852root 11241100x80000000000000001756043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.852{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1874e573a4e39542022-02-14 08:47:32.852root 11241100x80000000000000001756044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.853{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d6f1de0fdf8cad2022-02-14 08:47:32.853root 11241100x80000000000000001756045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.853{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c78c54b7a893e52022-02-14 08:47:32.853root 11241100x80000000000000001756046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.853{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1217c19c442d1b0c2022-02-14 08:47:32.853root 11241100x80000000000000001756047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.854{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a545656cb1990d2022-02-14 08:47:32.854root 11241100x80000000000000001756048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.854{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c611ee186e1e07ed2022-02-14 08:47:32.854root 11241100x80000000000000001756049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.855{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32652b634218795c2022-02-14 08:47:32.855root 11241100x80000000000000001756050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.855{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb48c9c4bfe0b6832022-02-14 08:47:32.855root 11241100x80000000000000001756051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.855{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfb070355204ce22022-02-14 08:47:32.855root 11241100x80000000000000001756052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.856{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6502214be94d266e2022-02-14 08:47:32.856root 11241100x80000000000000001756053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.856{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8910dc5dc8fc88122022-02-14 08:47:32.856root 11241100x80000000000000001756054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.856{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87f85544eb3accc2022-02-14 08:47:32.856root 11241100x80000000000000001756055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.857{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e529f1db6db0e942022-02-14 08:47:32.857root 11241100x80000000000000001756056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.857{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7c03ae272817562022-02-14 08:47:32.857root 11241100x80000000000000001756057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.857{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a016e31503c0ca2022-02-14 08:47:32.857root 11241100x80000000000000001756058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.857{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315c7f247a88ea1b2022-02-14 08:47:32.857root 11241100x80000000000000001756059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.858{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e906d33874473c092022-02-14 08:47:32.858root 11241100x80000000000000001756060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.858{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904ebf37267f643f2022-02-14 08:47:32.858root 11241100x80000000000000001756061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.858{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ed21fb36c326982022-02-14 08:47:32.858root 11241100x80000000000000001756062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.859{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8a0659e02f258d2022-02-14 08:47:32.859root 11241100x80000000000000001756063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.859{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231e3ab173cde6672022-02-14 08:47:32.859root 11241100x80000000000000001756064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.859{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed683db444b01db2022-02-14 08:47:32.859root 11241100x80000000000000001756065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.859{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1bb5c7951a2a242022-02-14 08:47:32.859root 11241100x80000000000000001756066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.859{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d5e8b8db5795112022-02-14 08:47:32.859root 11241100x80000000000000001756067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.859{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc1b3b5b05484952022-02-14 08:47:32.859root 11241100x80000000000000001756068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.860{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8cf09f302c25762022-02-14 08:47:32.860root 11241100x80000000000000001756069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.860{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664769c4687e9c9b2022-02-14 08:47:32.860root 11241100x80000000000000001756070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.860{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cb35bf0c0821aa2022-02-14 08:47:32.860root 11241100x80000000000000001756071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.860{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a7b3d6427af07b2022-02-14 08:47:32.860root 11241100x80000000000000001756072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.860{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e2e4758b776c902022-02-14 08:47:32.860root 11241100x80000000000000001756073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.860{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eaf6b00b8b3b0a12022-02-14 08:47:32.860root 11241100x80000000000000001756074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.860{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0570c3948939a3f2022-02-14 08:47:32.860root 11241100x80000000000000001756075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.860{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f475a60ec69bf32022-02-14 08:47:32.860root 11241100x80000000000000001756076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.860{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5632c4de440fd2e32022-02-14 08:47:32.860root 11241100x80000000000000001756077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.860{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db5a109cadf99332022-02-14 08:47:32.860root 11241100x80000000000000001756078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.860{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928a7859d1d73f092022-02-14 08:47:32.860root 11241100x80000000000000001756079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.861{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611346b74baf5c362022-02-14 08:47:32.861root 11241100x80000000000000001756080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.861{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5464e47a410c95902022-02-14 08:47:32.861root 11241100x80000000000000001756081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.861{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed174f33e44f83162022-02-14 08:47:32.861root 11241100x80000000000000001756082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.861{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5944269843361172022-02-14 08:47:32.861root 11241100x80000000000000001756083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.861{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aaa4a89f3b550f12022-02-14 08:47:32.861root 11241100x80000000000000001756084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.861{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7facc2a7de241fd2022-02-14 08:47:32.861root 11241100x80000000000000001756085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.861{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0dc669b6a33ec3c2022-02-14 08:47:32.861root 11241100x80000000000000001756086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.861{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f7b0f75f1138152022-02-14 08:47:32.861root 11241100x80000000000000001756087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.861{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae272f1854fda7f72022-02-14 08:47:32.861root 11241100x80000000000000001756088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.861{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bff850f99984522022-02-14 08:47:32.861root 11241100x80000000000000001756089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.862{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccae4f4ce2f02b72022-02-14 08:47:32.862root 11241100x80000000000000001756090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.862{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2961d8405421fc1a2022-02-14 08:47:32.862root 11241100x80000000000000001756091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.862{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ea60383e3f9af72022-02-14 08:47:32.862root 11241100x80000000000000001756092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.862{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa27a067e5838c42022-02-14 08:47:32.862root 11241100x80000000000000001756093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.862{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ce25b09b4af40a2022-02-14 08:47:32.862root 11241100x80000000000000001756094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.863{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fae2a32c3f3caf2022-02-14 08:47:32.863root 11241100x80000000000000001756095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.863{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f74dca6deaf35722022-02-14 08:47:32.863root 11241100x80000000000000001756096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.863{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ede69942c3e7272022-02-14 08:47:32.863root 11241100x80000000000000001756097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.863{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2801f7ee64c553b32022-02-14 08:47:32.863root 11241100x80000000000000001756098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.863{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31047e5e22eb5e9d2022-02-14 08:47:32.863root 11241100x80000000000000001756099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.863{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada437da92f740b62022-02-14 08:47:32.863root 11241100x80000000000000001756100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.863{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7889857627f37f8f2022-02-14 08:47:32.863root 11241100x80000000000000001756101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.863{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d1f3e72fdf6c652022-02-14 08:47:32.863root 11241100x80000000000000001756102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.864{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70e71838ae3b7f02022-02-14 08:47:32.864root 11241100x80000000000000001756103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.864{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209b6461e1fc26762022-02-14 08:47:32.864root 11241100x80000000000000001756104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.864{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1fd3c0a02ef8be2022-02-14 08:47:32.864root 11241100x80000000000000001756105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.864{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f7370f95060ae42022-02-14 08:47:32.864root 11241100x80000000000000001756106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.864{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fd4168e5521b4d2022-02-14 08:47:32.864root 11241100x80000000000000001756107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.864{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9c9dc19146a52c2022-02-14 08:47:32.864root 11241100x80000000000000001756108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.864{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d1c442536ab1422022-02-14 08:47:32.864root 11241100x80000000000000001756109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.864{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce913c5f2db1165f2022-02-14 08:47:32.864root 11241100x80000000000000001756110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.864{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429dc4b354c227a22022-02-14 08:47:32.864root 11241100x80000000000000001756111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.864{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ce90a3135218192022-02-14 08:47:32.864root 11241100x80000000000000001756112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.864{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91f8f656be025422022-02-14 08:47:32.864root 11241100x80000000000000001756113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.865{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05d8626a73708a82022-02-14 08:47:32.865root 11241100x80000000000000001756114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.865{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c27d3d03bd99412022-02-14 08:47:32.865root 11241100x80000000000000001756115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.865{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0003abd12ca91ffa2022-02-14 08:47:32.865root 11241100x80000000000000001756116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.865{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8418579423c9a49b2022-02-14 08:47:32.865root 11241100x80000000000000001756117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.865{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6d13fcf645a5872022-02-14 08:47:32.865root 11241100x80000000000000001756118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.865{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f4b5e8cccd1e1d2022-02-14 08:47:32.865root 11241100x80000000000000001756119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.865{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9561c81d74333b2022-02-14 08:47:32.865root 11241100x80000000000000001756120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.865{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a171fe7d97b1126e2022-02-14 08:47:32.865root 11241100x80000000000000001756121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.866{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f510f2505d745e1b2022-02-14 08:47:32.866root 11241100x80000000000000001756122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.866{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ecfae744e9a78c2022-02-14 08:47:32.866root 11241100x80000000000000001756123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.866{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073c61de4febf4362022-02-14 08:47:32.866root 11241100x80000000000000001756124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.866{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78872a8452e2a29c2022-02-14 08:47:32.866root 11241100x80000000000000001756125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.866{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdea6f2e71c3daa72022-02-14 08:47:32.866root 11241100x80000000000000001756126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.866{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcae1c63f77ec902022-02-14 08:47:32.866root 11241100x80000000000000001756127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.866{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e552059329190c2022-02-14 08:47:32.866root 11241100x80000000000000001756128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.867{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e16383643b48972022-02-14 08:47:32.867root 11241100x80000000000000001756129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.867{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b32d1581e912722022-02-14 08:47:32.867root 11241100x80000000000000001756130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.867{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9cecce123f5a7d2022-02-14 08:47:32.867root 11241100x80000000000000001756131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.867{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe52742bcb6a393e2022-02-14 08:47:32.867root 11241100x80000000000000001756132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.867{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5673319a1271fdb82022-02-14 08:47:32.867root 11241100x80000000000000001756133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.867{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f56ec440729cd582022-02-14 08:47:32.867root 11241100x80000000000000001756134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.867{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954bee9137616d4b2022-02-14 08:47:32.867root 11241100x80000000000000001756135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.867{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e676b2cd0c506c2022-02-14 08:47:32.867root 11241100x80000000000000001756136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.867{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacd35ac9d41e79a2022-02-14 08:47:32.867root 11241100x80000000000000001756137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.867{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d299c361080636962022-02-14 08:47:32.867root 11241100x80000000000000001756138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.868{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8b0c51ed1985462022-02-14 08:47:32.868root 11241100x80000000000000001756139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.868{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8363fe642ff3c1102022-02-14 08:47:32.868root 11241100x80000000000000001756140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.868{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d3bcb318c719532022-02-14 08:47:32.868root 11241100x80000000000000001756141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.868{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb0514b02dca14c2022-02-14 08:47:32.868root 11241100x80000000000000001756142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.868{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7e2be40f5cc5502022-02-14 08:47:32.868root 11241100x80000000000000001756143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.868{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d77cd7b7ed814102022-02-14 08:47:32.868root 11241100x80000000000000001756144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.868{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b480079f5aea152022-02-14 08:47:32.868root 11241100x80000000000000001756145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.868{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0294f0655c29b7b42022-02-14 08:47:32.868root 11241100x80000000000000001756146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.868{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23da1c8d8eb544932022-02-14 08:47:32.868root 11241100x80000000000000001756147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.869{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de52493d6863eae82022-02-14 08:47:32.869root 11241100x80000000000000001756148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.869{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f37bde3cb8ffb32022-02-14 08:47:32.869root 11241100x80000000000000001756149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.869{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5778d1929793d72022-02-14 08:47:32.869root 11241100x80000000000000001756150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.869{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf9dabeadc3faf42022-02-14 08:47:32.869root 11241100x80000000000000001756151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.869{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932be7ef536e6e9d2022-02-14 08:47:32.869root 11241100x80000000000000001756152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.869{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0439a503e6d2642022-02-14 08:47:32.869root 11241100x80000000000000001756153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.869{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10bee05769902d02022-02-14 08:47:32.869root 11241100x80000000000000001756154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.869{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356184b75d02b7ac2022-02-14 08:47:32.869root 11241100x80000000000000001756155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.869{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7033cbc55507ec2022-02-14 08:47:32.869root 11241100x80000000000000001756156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.870{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152c7d1687ecb1df2022-02-14 08:47:32.870root 11241100x80000000000000001756157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.870{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645199b10f51073b2022-02-14 08:47:32.870root 11241100x80000000000000001756158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.870{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641831064afedd3f2022-02-14 08:47:32.870root 11241100x80000000000000001756159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.870{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870d31eac5ca10a72022-02-14 08:47:32.870root 11241100x80000000000000001756160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.870{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d440a582dfa9cf2022-02-14 08:47:32.870root 11241100x80000000000000001756161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.870{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2eb6a2efdabd3a2022-02-14 08:47:32.870root 11241100x80000000000000001756162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.870{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88587c0143d0fe5e2022-02-14 08:47:32.870root 11241100x80000000000000001756163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.870{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da343f4bd5af0f42022-02-14 08:47:32.870root 11241100x80000000000000001756164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.870{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd15a7099681a9c2022-02-14 08:47:32.870root 11241100x80000000000000001756165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.871{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518e7de3ea1921102022-02-14 08:47:32.871root 11241100x80000000000000001756166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.871{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155ed31412eda5b52022-02-14 08:47:32.871root 11241100x80000000000000001756167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.871{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145ed1d96bbb0a892022-02-14 08:47:32.871root 11241100x80000000000000001756168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.871{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc347b3c20e1b282022-02-14 08:47:32.871root 11241100x80000000000000001756169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.871{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869e223e8abf45862022-02-14 08:47:32.871root 11241100x80000000000000001756170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.871{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4f1377e9aeb14f2022-02-14 08:47:32.871root 11241100x80000000000000001756171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.871{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de56e9ad7fe4b59f2022-02-14 08:47:32.871root 11241100x80000000000000001756172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.871{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d801404281b591e2022-02-14 08:47:32.871root 11241100x80000000000000001756173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.871{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83079e4c6a628a02022-02-14 08:47:32.871root 11241100x80000000000000001756174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.871{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7a6283e61279922022-02-14 08:47:32.871root 11241100x80000000000000001756175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.871{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2639faa3932110912022-02-14 08:47:32.871root 11241100x80000000000000001756176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.872{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f998d4cf0dc0d69e2022-02-14 08:47:32.872root 11241100x80000000000000001756177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.872{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270cdbb2e668a9c42022-02-14 08:47:32.872root 11241100x80000000000000001756178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.872{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9d9366630df98d2022-02-14 08:47:32.872root 11241100x80000000000000001756179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.872{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b08a3859e9df092022-02-14 08:47:32.872root 11241100x80000000000000001756180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.872{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979c5abc8eb2354e2022-02-14 08:47:32.872root 11241100x80000000000000001756181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.872{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81851c25d6fecb82022-02-14 08:47:32.872root 11241100x80000000000000001756182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.872{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19cd515641ccc1e2022-02-14 08:47:32.872root 11241100x80000000000000001756183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.872{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15dbfed67c37fa82022-02-14 08:47:32.872root 11241100x80000000000000001756184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.872{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4ad104bd5f519b2022-02-14 08:47:32.872root 11241100x80000000000000001756185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.872{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77671f2b7201f7442022-02-14 08:47:32.872root 11241100x80000000000000001756186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.873{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61065ac542a6f4cc2022-02-14 08:47:32.873root 11241100x80000000000000001756187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.873{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4e11bc5525cff22022-02-14 08:47:32.873root 11241100x80000000000000001756188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.873{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb093d6dec03c61c2022-02-14 08:47:32.873root 11241100x80000000000000001756189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.873{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3522e12c3899a0062022-02-14 08:47:32.873root 11241100x80000000000000001756190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.873{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec291143117a5ab62022-02-14 08:47:32.873root 11241100x80000000000000001756191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.873{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3edd55498b91ab2022-02-14 08:47:32.873root 11241100x80000000000000001756192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.873{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ccf07535db032c2022-02-14 08:47:32.873root 11241100x80000000000000001756193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.873{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50777a653552f5a32022-02-14 08:47:32.873root 11241100x80000000000000001756194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.873{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a36746867466d1d2022-02-14 08:47:32.873root 11241100x80000000000000001756195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.873{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bda4e4193567292022-02-14 08:47:32.873root 11241100x80000000000000001756196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.874{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbcc687b0fbd47b2022-02-14 08:47:32.874root 11241100x80000000000000001756197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.874{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2e475463066ee62022-02-14 08:47:32.874root 11241100x80000000000000001756198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.874{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253f0a5397824af72022-02-14 08:47:32.874root 11241100x80000000000000001756199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.874{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5243eff16abd74052022-02-14 08:47:32.874root 11241100x80000000000000001756200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.874{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee517ccb692127622022-02-14 08:47:32.874root 11241100x80000000000000001756201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.874{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d52c48bcc6028252022-02-14 08:47:32.874root 11241100x80000000000000001756202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.874{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78614f053a9e38cc2022-02-14 08:47:32.874root 11241100x80000000000000001756203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.874{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa8f1fe4bab8ce22022-02-14 08:47:32.874root 11241100x80000000000000001756204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.874{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa6ed86985650252022-02-14 08:47:32.874root 11241100x80000000000000001756205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.875{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fbba33f3b391962022-02-14 08:47:32.875root 11241100x80000000000000001756206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.875{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9046c2c0377e0e6f2022-02-14 08:47:32.875root 11241100x80000000000000001756207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.875{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079068429c1335372022-02-14 08:47:32.875root 11241100x80000000000000001756208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.875{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206b1e36e7622c982022-02-14 08:47:32.875root 11241100x80000000000000001756209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.875{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967265dd9459b63d2022-02-14 08:47:32.875root 11241100x80000000000000001756210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.875{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297067155d7c36692022-02-14 08:47:32.875root 11241100x80000000000000001756211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.875{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9832e2e72a4d832022-02-14 08:47:32.875root 11241100x80000000000000001756212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.875{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579d5437025672212022-02-14 08:47:32.875root 11241100x80000000000000001756213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.875{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54cb2ea545a8cf72022-02-14 08:47:32.875root 11241100x80000000000000001756214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.875{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d9cd21774901942022-02-14 08:47:32.875root 11241100x80000000000000001756215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.876{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf647003eb6f66f2022-02-14 08:47:32.876root 11241100x80000000000000001756216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.876{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ed3d0ae6a48d6c2022-02-14 08:47:32.876root 11241100x80000000000000001756217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.876{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866e05681d6c98de2022-02-14 08:47:32.876root 11241100x80000000000000001756218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.876{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b919e97783ba6a6e2022-02-14 08:47:32.876root 11241100x80000000000000001756219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.876{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd0e6f1ad096f8b2022-02-14 08:47:32.876root 11241100x80000000000000001756220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.876{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295724c58beb26012022-02-14 08:47:32.876root 11241100x80000000000000001756221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.876{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53e718fe4fab8f62022-02-14 08:47:32.876root 11241100x80000000000000001756222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.876{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b392bec8df318c662022-02-14 08:47:32.876root 11241100x80000000000000001756223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.876{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5dbf41f01c56a22022-02-14 08:47:32.876root 11241100x80000000000000001756224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.876{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31103ff574adebfa2022-02-14 08:47:32.876root 11241100x80000000000000001756225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.876{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ad2b7a29972cbb2022-02-14 08:47:32.876root 11241100x80000000000000001756226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.877{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8248104c43c51e2022-02-14 08:47:32.877root 11241100x80000000000000001756227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.877{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72730e2ce8d4e15d2022-02-14 08:47:32.877root 11241100x80000000000000001756228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.877{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5abcb9ebb4abe252022-02-14 08:47:32.877root 11241100x80000000000000001756229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.877{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040c2f58b9ebe2d82022-02-14 08:47:32.877root 11241100x80000000000000001756230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.877{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ca5662791df1642022-02-14 08:47:32.877root 11241100x80000000000000001756231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.878{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d7d14409557cd52022-02-14 08:47:32.878root 11241100x80000000000000001756232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.878{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd81853daa101d522022-02-14 08:47:32.878root 11241100x80000000000000001756233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.878{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28249ca4547364752022-02-14 08:47:32.878root 11241100x80000000000000001756234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.878{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7734ac19ad80a7da2022-02-14 08:47:32.878root 11241100x80000000000000001756235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.878{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af56f1acb9852ca62022-02-14 08:47:32.878root 11241100x80000000000000001756236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.878{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddd7c369dd40e1e2022-02-14 08:47:32.878root 11241100x80000000000000001756237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.879{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aded0bb83b6eb2542022-02-14 08:47:32.879root 11241100x80000000000000001756238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.879{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3036fa68a5b30b672022-02-14 08:47:32.879root 11241100x80000000000000001756239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.879{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40bb47622890af02022-02-14 08:47:32.879root 11241100x80000000000000001756240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.879{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98026067ef89f9b42022-02-14 08:47:32.879root 11241100x80000000000000001756241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.879{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84eb8c21fc8c46fc2022-02-14 08:47:32.879root 11241100x80000000000000001756242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.879{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4444a7d20995cb4d2022-02-14 08:47:32.879root 11241100x80000000000000001756243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.879{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed4897ec54134442022-02-14 08:47:32.879root 11241100x80000000000000001756244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.879{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb2eaa2186bbddf2022-02-14 08:47:32.879root 11241100x80000000000000001756245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.880{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388278451a0750652022-02-14 08:47:32.880root 11241100x80000000000000001756246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.880{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcb8b26f7fe94e62022-02-14 08:47:32.880root 11241100x80000000000000001756247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.880{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26331f6d0e239da2022-02-14 08:47:32.880root 11241100x80000000000000001756248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.880{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4466b3f64eb0bbc2022-02-14 08:47:32.880root 11241100x80000000000000001756249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.880{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cb56bcb2cb22a52022-02-14 08:47:32.880root 11241100x80000000000000001756250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.880{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a42108d7c9ae0622022-02-14 08:47:32.880root 11241100x80000000000000001756251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.880{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b25c7d3f9cba9552022-02-14 08:47:32.880root 11241100x80000000000000001756252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.880{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9c2a725ec76d052022-02-14 08:47:32.880root 11241100x80000000000000001756253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.880{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4537e42a2a47f1d02022-02-14 08:47:32.880root 11241100x80000000000000001756254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.880{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fdc5616ac7d43b2022-02-14 08:47:32.880root 11241100x80000000000000001756255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.881{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0c9cf45f26d28f2022-02-14 08:47:32.881root 11241100x80000000000000001756256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.881{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350149be418713e12022-02-14 08:47:32.881root 11241100x80000000000000001756257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.881{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ec1c51a8f38d112022-02-14 08:47:32.881root 11241100x80000000000000001756258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.881{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f95e8080d6d0002022-02-14 08:47:32.881root 11241100x80000000000000001756259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.881{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2e86697f46d4332022-02-14 08:47:32.881root 11241100x80000000000000001756260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.881{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8863f726de5d2ce2022-02-14 08:47:32.881root 11241100x80000000000000001756261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.881{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f60248ceae9e4c2022-02-14 08:47:32.881root 11241100x80000000000000001756262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.881{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49f1c61b3e263292022-02-14 08:47:32.881root 11241100x80000000000000001756263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.881{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5d92673440ad9d2022-02-14 08:47:32.881root 11241100x80000000000000001756264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.881{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ff2a7e0e8d05902022-02-14 08:47:32.881root 11241100x80000000000000001756265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.882{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43804208044d98d2022-02-14 08:47:32.882root 11241100x80000000000000001756266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.882{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131f6abc4d9cf4252022-02-14 08:47:32.882root 11241100x80000000000000001756267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.882{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5323359bddf07092022-02-14 08:47:32.882root 11241100x80000000000000001756268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.882{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987d2fdc2bdc4f8f2022-02-14 08:47:32.882root 11241100x80000000000000001756269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.882{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfca92b5ebec9f422022-02-14 08:47:32.882root 11241100x80000000000000001756270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.882{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723fe08129f275952022-02-14 08:47:32.882root 11241100x80000000000000001756271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.882{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4899a053497f3e392022-02-14 08:47:32.882root 11241100x80000000000000001756272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.882{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75acd0b25ed2bd82022-02-14 08:47:32.882root 11241100x80000000000000001756273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.883{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35c7aa67d5305432022-02-14 08:47:32.883root 11241100x80000000000000001756274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.883{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e1155bd3460d242022-02-14 08:47:32.883root 11241100x80000000000000001756275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.883{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201b9e21958d3c742022-02-14 08:47:32.883root 11241100x80000000000000001756276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.883{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654b44ec5097b19f2022-02-14 08:47:32.883root 11241100x80000000000000001756277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.883{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1265cc28f17882cb2022-02-14 08:47:32.883root 11241100x80000000000000001756278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.883{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bc987d9fb5cc182022-02-14 08:47:32.883root 11241100x80000000000000001756279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.883{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a2237a9194d65f2022-02-14 08:47:32.883root 11241100x80000000000000001756280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.883{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ed2d4dfa8d18bb2022-02-14 08:47:32.883root 11241100x80000000000000001756281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.883{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e4029798cdbcb22022-02-14 08:47:32.883root 11241100x80000000000000001756282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.883{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6328c3c52b4331012022-02-14 08:47:32.883root 11241100x80000000000000001756283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.884{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d1411a444736962022-02-14 08:47:32.884root 11241100x80000000000000001756284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.884{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283929a6d87d3a642022-02-14 08:47:32.884root 11241100x80000000000000001756285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.884{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce519333a29151e62022-02-14 08:47:32.884root 11241100x80000000000000001756286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.884{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aedeb3e03cdf6c52022-02-14 08:47:32.884root 11241100x80000000000000001756287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.884{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e2666d1aea93252022-02-14 08:47:32.884root 11241100x80000000000000001756288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.884{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdc0ba1ec51591d2022-02-14 08:47:32.884root 11241100x80000000000000001756289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.884{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590d1ed4f8b79d202022-02-14 08:47:32.884root 11241100x80000000000000001756290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.884{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3ba5318669f7652022-02-14 08:47:32.884root 11241100x80000000000000001756291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.884{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab39ded4bb13c8fa2022-02-14 08:47:32.884root 11241100x80000000000000001756292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.885{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fd9b0744c912392022-02-14 08:47:32.885root 11241100x80000000000000001756293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.885{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baecbda97541c3f42022-02-14 08:47:32.885root 11241100x80000000000000001756294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.885{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0573ad6b45f2a012022-02-14 08:47:32.885root 11241100x80000000000000001756295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.885{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cf335964d572002022-02-14 08:47:32.885root 11241100x80000000000000001756296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.885{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e46f5934cd801e2022-02-14 08:47:32.885root 11241100x80000000000000001756297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.885{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd03a37eb1c9765d2022-02-14 08:47:32.885root 11241100x80000000000000001756298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.885{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc8fa5be41684462022-02-14 08:47:32.885root 11241100x80000000000000001756299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.886{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce1734b8f758eac2022-02-14 08:47:32.886root 11241100x80000000000000001756300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.886{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a9829a331ab5d42022-02-14 08:47:32.886root 11241100x80000000000000001756301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.886{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ade11106b550852022-02-14 08:47:32.886root 11241100x80000000000000001756302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.886{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315f9fd58b04b37b2022-02-14 08:47:32.886root 11241100x80000000000000001756303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.886{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe91f434f39c63c2022-02-14 08:47:32.886root 11241100x80000000000000001756304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.886{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddf461eb2d37d462022-02-14 08:47:32.886root 11241100x80000000000000001756305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.886{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7fd13e696a9cd32022-02-14 08:47:32.886root 11241100x80000000000000001756306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.886{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96263c757c094e152022-02-14 08:47:32.886root 11241100x80000000000000001756307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.886{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df4b693c76462a62022-02-14 08:47:32.886root 11241100x80000000000000001756308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.886{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cfb840939a3f802022-02-14 08:47:32.886root 11241100x80000000000000001756309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.887{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b881089adea7309d2022-02-14 08:47:32.887root 11241100x80000000000000001756310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.887{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de2f452b12f60162022-02-14 08:47:32.887root 11241100x80000000000000001756311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.887{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e79c3056a54c0d12022-02-14 08:47:32.887root 11241100x80000000000000001756312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.887{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc7a5d486307e402022-02-14 08:47:32.887root 11241100x80000000000000001756313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.887{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eef2302f3a470282022-02-14 08:47:32.887root 11241100x80000000000000001756314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.887{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d31b7a32cd22f8d2022-02-14 08:47:32.887root 11241100x80000000000000001756315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.887{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c0ca932b76090a2022-02-14 08:47:32.887root 11241100x80000000000000001756316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.887{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca50816212c0adc2022-02-14 08:47:32.887root 11241100x80000000000000001756317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.887{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e6e3cfade3f6822022-02-14 08:47:32.887root 11241100x80000000000000001756318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.887{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e54e90c325f74472022-02-14 08:47:32.887root 11241100x80000000000000001756319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.887{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e99e4b1e90e782f2022-02-14 08:47:32.887root 11241100x80000000000000001756320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.887{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fae839367e1b9d2022-02-14 08:47:32.887root 11241100x80000000000000001756321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.888{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b355f65ee52abcc2022-02-14 08:47:32.888root 11241100x80000000000000001756322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.888{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdb8db6b34464cf2022-02-14 08:47:32.888root 11241100x80000000000000001756323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.888{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd97e29474c6bac2022-02-14 08:47:32.888root 11241100x80000000000000001756324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.888{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825ee8968e9d7dbe2022-02-14 08:47:32.888root 11241100x80000000000000001756325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.888{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4b57d7251639852022-02-14 08:47:32.888root 11241100x80000000000000001756326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.888{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7668784e6928d902022-02-14 08:47:32.888root 11241100x80000000000000001756327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.888{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc412e3d96f0f132022-02-14 08:47:32.888root 11241100x80000000000000001756328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.888{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9554856bbee498062022-02-14 08:47:32.888root 11241100x80000000000000001756329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.888{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa74445beb716aea2022-02-14 08:47:32.888root 11241100x80000000000000001756330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.888{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a208c6503974642022-02-14 08:47:32.888root 11241100x80000000000000001756331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.888{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762869eec57d2ef92022-02-14 08:47:32.888root 11241100x80000000000000001756332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.888{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995a5cdb8a1de0d82022-02-14 08:47:32.888root 11241100x80000000000000001756333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.889{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c7a85496852af32022-02-14 08:47:32.889root 11241100x80000000000000001756334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.889{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da4e16642884f162022-02-14 08:47:32.889root 11241100x80000000000000001756335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.889{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ee2208cf34b0c92022-02-14 08:47:32.889root 11241100x80000000000000001756336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.889{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b08969580a3e1e52022-02-14 08:47:32.889root 11241100x80000000000000001756337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.889{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcabde2f3fb3b5a2022-02-14 08:47:32.889root 11241100x80000000000000001756338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.889{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be904256bfd403e82022-02-14 08:47:32.889root 11241100x80000000000000001756339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.889{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e9c8e78cc0fbb42022-02-14 08:47:32.889root 11241100x80000000000000001756340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.889{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b248459976af65de2022-02-14 08:47:32.889root 11241100x80000000000000001756341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.889{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7b0fac068b44332022-02-14 08:47:32.889root 11241100x80000000000000001756342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.889{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fb6d7f683b427f2022-02-14 08:47:32.889root 11241100x80000000000000001756343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.889{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36c4c24fb94cd4f2022-02-14 08:47:32.889root 11241100x80000000000000001756344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.889{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde8f0959d82f59e2022-02-14 08:47:32.889root 11241100x80000000000000001756345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.889{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6613e042e11d36b2022-02-14 08:47:32.889root 11241100x80000000000000001756346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.889{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14476a144c9133a2022-02-14 08:47:32.889root 11241100x80000000000000001756347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.890{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4e3fe862e14f462022-02-14 08:47:32.890root 11241100x80000000000000001756348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.890{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bc4ce98022ab2a2022-02-14 08:47:32.890root 11241100x80000000000000001756349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.890{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d42ad7445a4a3042022-02-14 08:47:32.890root 11241100x80000000000000001756350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.890{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd927fa1ad210952022-02-14 08:47:32.890root 11241100x80000000000000001756351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.890{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e5eb29cf92b6a02022-02-14 08:47:32.890root 11241100x80000000000000001756352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.890{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a452b6c9ff84d5d2022-02-14 08:47:32.890root 11241100x80000000000000001756353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.890{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44511efa9ac0f252022-02-14 08:47:32.890root 11241100x80000000000000001756354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.890{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff177d3c40274aa2022-02-14 08:47:32.890root 11241100x80000000000000001756355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.890{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca3b18143d54b182022-02-14 08:47:32.890root 11241100x80000000000000001756356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.890{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa3609cdac3fc7c2022-02-14 08:47:32.890root 11241100x80000000000000001756357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.890{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3753cfb4db2c4f482022-02-14 08:47:32.890root 11241100x80000000000000001756358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.890{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c14615e12e6bef72022-02-14 08:47:32.890root 11241100x80000000000000001756359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.891{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037783e3b5d524f92022-02-14 08:47:32.891root 11241100x80000000000000001756360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.891{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25948759a6aff0ac2022-02-14 08:47:32.891root 11241100x80000000000000001756361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.891{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ec865b706d65302022-02-14 08:47:32.891root 11241100x80000000000000001756362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.891{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88de5737c28748cf2022-02-14 08:47:32.891root 11241100x80000000000000001756363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.891{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea89bcf1e795ea02022-02-14 08:47:32.891root 11241100x80000000000000001756364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.891{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e059e04e83314a2022-02-14 08:47:32.891root 11241100x80000000000000001756365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.891{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198ee9394eff99412022-02-14 08:47:32.891root 11241100x80000000000000001756366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.891{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef788325461c220d2022-02-14 08:47:32.891root 11241100x80000000000000001756367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.891{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf8f49cf2b820be2022-02-14 08:47:32.891root 11241100x80000000000000001756368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.891{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3243f9275018052022-02-14 08:47:32.891root 11241100x80000000000000001756369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.891{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504b2f6dac53b6752022-02-14 08:47:32.891root 11241100x80000000000000001756370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.891{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7017210f92ece4a2022-02-14 08:47:32.891root 11241100x80000000000000001756371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.891{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb7814734a1a32d2022-02-14 08:47:32.891root 11241100x80000000000000001756372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.891{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35608022674b88512022-02-14 08:47:32.891root 11241100x80000000000000001756373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d2e101102430ee2022-02-14 08:47:32.892root 11241100x80000000000000001756374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166a497a47d2afc62022-02-14 08:47:32.892root 11241100x80000000000000001756375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6050bf90c6497fb52022-02-14 08:47:32.892root 11241100x80000000000000001756376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449382a750e6b0c02022-02-14 08:47:32.892root 11241100x80000000000000001756377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca949b07624675462022-02-14 08:47:32.892root 11241100x80000000000000001756378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d533df1d23b78d682022-02-14 08:47:32.892root 11241100x80000000000000001756379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb57728081a6b182022-02-14 08:47:32.892root 11241100x80000000000000001756380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98af127949cad9d22022-02-14 08:47:32.892root 11241100x80000000000000001756381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54379accf4067f1e2022-02-14 08:47:32.892root 11241100x80000000000000001756382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de6df63ccde2c022022-02-14 08:47:32.892root 11241100x80000000000000001756383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22562b12da3a52d92022-02-14 08:47:32.892root 11241100x80000000000000001756384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786f6ff4948a0a3a2022-02-14 08:47:32.892root 11241100x80000000000000001756385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dc5470cad6c1662022-02-14 08:47:32.892root 11241100x80000000000000001756386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.892{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6bc5444330e87d2022-02-14 08:47:32.892root 11241100x80000000000000001756387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ef27ab360adaaf2022-02-14 08:47:32.893root 11241100x80000000000000001756388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3f3f7b5fdd5d732022-02-14 08:47:32.893root 11241100x80000000000000001756389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d27a99acd4e9592022-02-14 08:47:32.893root 11241100x80000000000000001756390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16b1d84da44ceb92022-02-14 08:47:32.893root 11241100x80000000000000001756391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0b6c6939e99b712022-02-14 08:47:32.893root 11241100x80000000000000001756392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461f70bd0284e95b2022-02-14 08:47:32.893root 11241100x80000000000000001756393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb95d7ee671c0fd52022-02-14 08:47:32.893root 11241100x80000000000000001756394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ee1f2eea7af9252022-02-14 08:47:32.893root 11241100x80000000000000001756395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b4ccf3c6cd8f8f2022-02-14 08:47:32.893root 11241100x80000000000000001756396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657f0e5989433e7d2022-02-14 08:47:32.893root 11241100x80000000000000001756397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15db55e228c8ed832022-02-14 08:47:32.893root 11241100x80000000000000001756398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef97623f446e41522022-02-14 08:47:32.893root 11241100x80000000000000001756399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad944115fde16f12022-02-14 08:47:32.893root 11241100x80000000000000001756400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d9a561eb2bfb102022-02-14 08:47:32.893root 11241100x80000000000000001756401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.893{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee766500dfcb9f12022-02-14 08:47:32.893root 11241100x80000000000000001756402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87983de06f1cd8602022-02-14 08:47:32.894root 11241100x80000000000000001756403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be5e46f6053d0842022-02-14 08:47:32.894root 11241100x80000000000000001756404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f0dfe0088489742022-02-14 08:47:32.894root 11241100x80000000000000001756405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440041a30ae264c02022-02-14 08:47:32.894root 11241100x80000000000000001756406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40230f5e38287572022-02-14 08:47:32.894root 11241100x80000000000000001756407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7e394fb745e7152022-02-14 08:47:32.894root 11241100x80000000000000001756408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e28d9753de11e652022-02-14 08:47:32.894root 11241100x80000000000000001756409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303357d5763d7a5a2022-02-14 08:47:32.894root 11241100x80000000000000001756410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99fc5df25f252322022-02-14 08:47:32.894root 11241100x80000000000000001756411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73b2aedaf8760192022-02-14 08:47:32.894root 11241100x80000000000000001756412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b757a10782f6dea2022-02-14 08:47:32.894root 11241100x80000000000000001756413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aeb5e8fc0139c232022-02-14 08:47:32.894root 11241100x80000000000000001756414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67cf5800125660e2022-02-14 08:47:32.894root 11241100x80000000000000001756415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb38176b27ff0d92022-02-14 08:47:32.894root 11241100x80000000000000001756416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.894{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3754fa74658d8ea2022-02-14 08:47:32.894root 11241100x80000000000000001756417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.895{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932773adcbfa6fe12022-02-14 08:47:32.895root 11241100x80000000000000001756418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.895{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d353d1a7d0118e2022-02-14 08:47:32.895root 11241100x80000000000000001756419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.895{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc2b78c4beb4d402022-02-14 08:47:32.895root 11241100x80000000000000001756420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.895{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd7a682a4d971a72022-02-14 08:47:32.895root 11241100x80000000000000001756421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.895{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e57a32466c7f432022-02-14 08:47:32.895root 11241100x80000000000000001756422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.895{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80837ac09b8164862022-02-14 08:47:32.895root 11241100x80000000000000001756423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.895{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8b45853cd375c02022-02-14 08:47:32.895root 11241100x80000000000000001756424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.895{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad9805ad0af6cc82022-02-14 08:47:32.895root 11241100x80000000000000001756425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.895{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd352321b516f672022-02-14 08:47:32.895root 11241100x80000000000000001756426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c7fc8953760fd22022-02-14 08:47:32.896root 11241100x80000000000000001756427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724aa2243143257a2022-02-14 08:47:32.896root 11241100x80000000000000001756428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a0565a2dab567e2022-02-14 08:47:32.896root 11241100x80000000000000001756429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348a0256ce57046b2022-02-14 08:47:32.896root 11241100x80000000000000001756430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fdb375b59c31cd2022-02-14 08:47:32.896root 11241100x80000000000000001756431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed1a700ba3e57822022-02-14 08:47:32.896root 11241100x80000000000000001756432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c470f353943c442022-02-14 08:47:32.896root 11241100x80000000000000001756433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bf1067ca5ec72f2022-02-14 08:47:32.896root 11241100x80000000000000001756434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d671abcc203c1b2022-02-14 08:47:32.896root 11241100x80000000000000001756435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3041bc5f597fa72e2022-02-14 08:47:32.896root 11241100x80000000000000001756436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f838dcf60c49772022-02-14 08:47:32.896root 11241100x80000000000000001756437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c659d7167759ba342022-02-14 08:47:32.896root 11241100x80000000000000001756438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7de5327f851f8e2022-02-14 08:47:32.896root 11241100x80000000000000001756439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.896{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfae63d16e66864a2022-02-14 08:47:32.896root 11241100x80000000000000001756440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.897{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84a1adec31a53182022-02-14 08:47:32.897root 11241100x80000000000000001756441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.897{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d39891236d85df2022-02-14 08:47:32.897root 11241100x80000000000000001756442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.897{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3307bb94a28f1f52022-02-14 08:47:32.897root 11241100x80000000000000001756443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.897{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f871fd98a9e92a2022-02-14 08:47:32.897root 11241100x80000000000000001756444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.897{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcefe5f68ad65332022-02-14 08:47:32.897root 11241100x80000000000000001756445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.897{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9ab0bed8cdf8bb2022-02-14 08:47:32.897root 11241100x80000000000000001756446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.897{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2674a3a016e14c912022-02-14 08:47:32.897root 11241100x80000000000000001756447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.897{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb8bffca1e4aefd2022-02-14 08:47:32.897root 11241100x80000000000000001756448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.897{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdb447320cb12c72022-02-14 08:47:32.897root 11241100x80000000000000001756449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.897{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33673e8a1fa8a6d12022-02-14 08:47:32.897root 11241100x80000000000000001756450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.897{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30c18a77f7ce4522022-02-14 08:47:32.897root 11241100x80000000000000001756451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.897{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e7f4fae866839e2022-02-14 08:47:32.897root 11241100x80000000000000001756452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.898{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5dfa67bc988cf72022-02-14 08:47:32.898root 11241100x80000000000000001756453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.898{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d546271a0fcb7b2022-02-14 08:47:32.898root 11241100x80000000000000001756454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.898{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2535ee4d2c2d942022-02-14 08:47:32.898root 11241100x80000000000000001756455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.898{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994a4660ee1bf7f62022-02-14 08:47:32.898root 11241100x80000000000000001756456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.898{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff10110c8b01fb8f2022-02-14 08:47:32.898root 11241100x80000000000000001756457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.898{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e123a3a943c5723b2022-02-14 08:47:32.898root 11241100x80000000000000001756458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.898{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41eb758d3ef8f45d2022-02-14 08:47:32.898root 11241100x80000000000000001756459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.898{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471f9fa46ddc86122022-02-14 08:47:32.898root 11241100x80000000000000001756460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.898{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ad651b4fe041252022-02-14 08:47:32.898root 11241100x80000000000000001756461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.898{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf03f9e7acc29a42022-02-14 08:47:32.898root 11241100x80000000000000001756462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.899{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c13e9808416fa62022-02-14 08:47:32.899root 11241100x80000000000000001756463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.899{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bfc40edd87afce2022-02-14 08:47:32.899root 11241100x80000000000000001756464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.899{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49b8ba630daefed2022-02-14 08:47:32.899root 11241100x80000000000000001756465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.899{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb14add952e98df82022-02-14 08:47:32.899root 11241100x80000000000000001756466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.899{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd99fa80b6038b492022-02-14 08:47:32.899root 11241100x80000000000000001756467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.899{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696df8108ecea0102022-02-14 08:47:32.899root 11241100x80000000000000001756468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.899{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde12e45e07b3fb22022-02-14 08:47:32.899root 11241100x80000000000000001756469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.899{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516a7053765f9bba2022-02-14 08:47:32.899root 11241100x80000000000000001756470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.899{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcdc67b5af581832022-02-14 08:47:32.899root 11241100x80000000000000001756471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.899{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ba87133f768c2d2022-02-14 08:47:32.899root 11241100x80000000000000001756472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.900{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc772a4014a245c2022-02-14 08:47:32.900root 11241100x80000000000000001756473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.900{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa3a9622b7859cb2022-02-14 08:47:32.900root 11241100x80000000000000001756474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.900{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6529e90d8879fa6f2022-02-14 08:47:32.900root 11241100x80000000000000001756475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.900{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cb00c05e8860e62022-02-14 08:47:32.900root 11241100x80000000000000001756476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.901{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc8f4c75b07ad7e2022-02-14 08:47:32.901root 11241100x80000000000000001756477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.901{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82e019fad44a4e72022-02-14 08:47:32.901root 11241100x80000000000000001756478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.901{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31159d00754af512022-02-14 08:47:32.901root 11241100x80000000000000001756479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.901{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdea9454ee3e637d2022-02-14 08:47:32.901root 11241100x80000000000000001756480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.901{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1005614038c5a2ec2022-02-14 08:47:32.901root 11241100x80000000000000001756481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.901{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a220408560894a2022-02-14 08:47:32.901root 11241100x80000000000000001756482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.901{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcdebf362362ca92022-02-14 08:47:32.901root 11241100x80000000000000001756483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.901{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6e779ed02ad9772022-02-14 08:47:32.901root 11241100x80000000000000001756484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.901{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a66e6f4688c7622022-02-14 08:47:32.901root 11241100x80000000000000001756485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.901{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24653c803720ed0b2022-02-14 08:47:32.901root 11241100x80000000000000001756486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.901{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99f7ef13bc908152022-02-14 08:47:32.901root 11241100x80000000000000001756487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.902{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca56b8a44daed2c2022-02-14 08:47:32.902root 11241100x80000000000000001756488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.902{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cb3ceb3f44baff2022-02-14 08:47:32.902root 11241100x80000000000000001756489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.902{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6aeac7541b96ef2022-02-14 08:47:32.902root 11241100x80000000000000001756490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.902{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48d4daedf07318f2022-02-14 08:47:32.902root 11241100x80000000000000001756491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.902{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107229d53e0d7c282022-02-14 08:47:32.902root 11241100x80000000000000001756492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.902{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c5a958ce8648c22022-02-14 08:47:32.902root 11241100x80000000000000001756493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.902{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8694ad87d10d2892022-02-14 08:47:32.902root 11241100x80000000000000001756494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.902{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe3c06dfeeff2e72022-02-14 08:47:32.902root 11241100x80000000000000001756495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.902{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa3b917313e03a62022-02-14 08:47:32.902root 11241100x80000000000000001756496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.902{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ef6b796248dee92022-02-14 08:47:32.902root 11241100x80000000000000001756497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.903{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49fd84eaad2f09f2022-02-14 08:47:32.903root 11241100x80000000000000001756498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.903{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc98e7e58eee6b3f2022-02-14 08:47:32.903root 11241100x80000000000000001756499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.903{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40c4f8f351213d72022-02-14 08:47:32.903root 11241100x80000000000000001756500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.903{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b04d0efaaa65b4a2022-02-14 08:47:32.903root 11241100x80000000000000001756501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.903{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1faa7d2cb948bc2022-02-14 08:47:32.903root 11241100x80000000000000001756502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.903{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bb43a5ff69b7722022-02-14 08:47:32.903root 11241100x80000000000000001756503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.904{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6109b9ec908667132022-02-14 08:47:32.904root 11241100x80000000000000001756504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.904{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2cfeecb4996c692022-02-14 08:47:32.904root 11241100x80000000000000001756505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.904{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1fd145ae8fcbcd2022-02-14 08:47:32.904root 11241100x80000000000000001756506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.904{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe37c38db338f272022-02-14 08:47:32.904root 11241100x80000000000000001756507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.904{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f8841f509de8e12022-02-14 08:47:32.904root 11241100x80000000000000001756508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.904{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839723ae1efb84372022-02-14 08:47:32.904root 11241100x80000000000000001756509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.904{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26df0f10d9c8c1c2022-02-14 08:47:32.904root 11241100x80000000000000001756510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.904{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2d53eebd0c407b2022-02-14 08:47:32.904root 11241100x80000000000000001756511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.905{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c469a75b12848c2022-02-14 08:47:32.905root 11241100x80000000000000001756512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.905{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d6a2e9075462132022-02-14 08:47:32.905root 11241100x80000000000000001756513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.905{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240b353adaafd52e2022-02-14 08:47:32.905root 11241100x80000000000000001756514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.905{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e0f07120153e162022-02-14 08:47:32.905root 11241100x80000000000000001756515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.905{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec13937726142dbf2022-02-14 08:47:32.905root 11241100x80000000000000001756516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.905{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2de2b4c0a6217c2022-02-14 08:47:32.905root 11241100x80000000000000001756517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.905{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d943d9dfcf05972022-02-14 08:47:32.905root 11241100x80000000000000001756518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:32.905{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8df46f95c5af81b2022-02-14 08:47:32.905root 11241100x80000000000000001756519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6a86cbe99398922022-02-14 08:47:33.182root 11241100x80000000000000001756520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29d66f5b4a1ba792022-02-14 08:47:33.182root 11241100x80000000000000001756521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca88215ff1fd6402022-02-14 08:47:33.182root 11241100x80000000000000001756522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227c8cb47bd297172022-02-14 08:47:33.182root 11241100x80000000000000001756523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d25f2e66ba30ad72022-02-14 08:47:33.182root 11241100x80000000000000001756524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302284cc4abc7adb2022-02-14 08:47:33.182root 11241100x80000000000000001756525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445211ff7b31383f2022-02-14 08:47:33.182root 11241100x80000000000000001756526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26cd996b33a91de2022-02-14 08:47:33.182root 11241100x80000000000000001756527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fea03a0c52d4d4d2022-02-14 08:47:33.182root 11241100x80000000000000001756528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53306818a2af88de2022-02-14 08:47:33.182root 11241100x80000000000000001756529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e8d771eb09d0d62022-02-14 08:47:33.182root 11241100x80000000000000001756530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed21282630c1ed8c2022-02-14 08:47:33.182root 11241100x80000000000000001756531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bfe367995fd5612022-02-14 08:47:33.182root 11241100x80000000000000001756532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71ed86ce1dc8ede2022-02-14 08:47:33.183root 11241100x80000000000000001756533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f0c29787de308e2022-02-14 08:47:33.183root 11241100x80000000000000001756534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ad06a8520936ca2022-02-14 08:47:33.183root 11241100x80000000000000001756535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8448bfae64bed2982022-02-14 08:47:33.183root 11241100x80000000000000001756536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f20d0612b0347672022-02-14 08:47:33.183root 11241100x80000000000000001756537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca18a37a643849d62022-02-14 08:47:33.183root 11241100x80000000000000001756538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d405f5c554ecdbe2022-02-14 08:47:33.183root 11241100x80000000000000001756539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50b3937d5bfed182022-02-14 08:47:33.183root 11241100x80000000000000001756540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276e87182b4571a72022-02-14 08:47:33.183root 11241100x80000000000000001756541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3ec042832dac922022-02-14 08:47:33.183root 11241100x80000000000000001756542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c777acdbc7316a2022-02-14 08:47:33.183root 11241100x80000000000000001756543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15310a3987c666da2022-02-14 08:47:33.183root 11241100x80000000000000001756544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0faeb209b0b9ffc32022-02-14 08:47:33.183root 11241100x80000000000000001756545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a179a46b1c256fca2022-02-14 08:47:33.183root 11241100x80000000000000001756546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdbe7726dabe26e2022-02-14 08:47:33.183root 11241100x80000000000000001756547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77593fa11a692d992022-02-14 08:47:33.184root 11241100x80000000000000001756548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b166fdcc322397cd2022-02-14 08:47:33.184root 11241100x80000000000000001756549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b73639b6ffa40f2022-02-14 08:47:33.184root 11241100x80000000000000001756550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9798b7ccfaf671712022-02-14 08:47:33.184root 11241100x80000000000000001756551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe004e227a245bb2022-02-14 08:47:33.184root 11241100x80000000000000001756552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c8d5b55f7470bc2022-02-14 08:47:33.184root 11241100x80000000000000001756553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0492af9e9445a942022-02-14 08:47:33.184root 11241100x80000000000000001756554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c8bc9a146d7ad12022-02-14 08:47:33.184root 11241100x80000000000000001756555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c3f91d7cd126e92022-02-14 08:47:33.184root 11241100x80000000000000001756556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13717eb54bed219c2022-02-14 08:47:33.184root 11241100x80000000000000001756557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703ec870aa445d862022-02-14 08:47:33.184root 11241100x80000000000000001756558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1096278a455814512022-02-14 08:47:33.184root 11241100x80000000000000001756559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d85b8cef8853d7b2022-02-14 08:47:33.184root 11241100x80000000000000001756560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97f7ec7da328b382022-02-14 08:47:33.184root 11241100x80000000000000001756561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e16c44759912d9a2022-02-14 08:47:33.184root 11241100x80000000000000001756562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147be12380b978552022-02-14 08:47:33.184root 11241100x80000000000000001756563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf55af64a861b752022-02-14 08:47:33.185root 11241100x80000000000000001756564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee101a12d707f752022-02-14 08:47:33.185root 11241100x80000000000000001756565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb5a81dae65de192022-02-14 08:47:33.185root 11241100x80000000000000001756566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad28a655030b8622022-02-14 08:47:33.185root 11241100x80000000000000001756567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863f4d8dc9edf3e92022-02-14 08:47:33.185root 11241100x80000000000000001756568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc2f51c3d760eb02022-02-14 08:47:33.185root 11241100x80000000000000001756569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8dc6a0dac30faf2022-02-14 08:47:33.185root 11241100x80000000000000001756570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aaaa20325936b542022-02-14 08:47:33.185root 11241100x80000000000000001756571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b83906e766892782022-02-14 08:47:33.185root 11241100x80000000000000001756572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9808844c03f469cc2022-02-14 08:47:33.185root 11241100x80000000000000001756573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e871a3e8e8e143652022-02-14 08:47:33.185root 11241100x80000000000000001756574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f301997b15d47f662022-02-14 08:47:33.185root 11241100x80000000000000001756575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d06068683064362022-02-14 08:47:33.185root 11241100x80000000000000001756576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bc5df0e00d9aed2022-02-14 08:47:33.185root 11241100x80000000000000001756577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc6975c903bd0b32022-02-14 08:47:33.186root 11241100x80000000000000001756578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f18ee021eae2872022-02-14 08:47:33.186root 11241100x80000000000000001756579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a7501d72ec653d2022-02-14 08:47:33.186root 11241100x80000000000000001756580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0363ebc361d3f2862022-02-14 08:47:33.186root 11241100x80000000000000001756581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074445d5bcbf83fc2022-02-14 08:47:33.186root 11241100x80000000000000001756582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cc1c0dd3241dfe2022-02-14 08:47:33.186root 11241100x80000000000000001756583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c393d2309e7175252022-02-14 08:47:33.186root 11241100x80000000000000001756584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89e4288e7fdccf42022-02-14 08:47:33.186root 11241100x80000000000000001756585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8be5d709e4d8f52022-02-14 08:47:33.186root 11241100x80000000000000001756586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ada85d16f15deab2022-02-14 08:47:33.186root 11241100x80000000000000001756587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f30b6f680d473052022-02-14 08:47:33.186root 11241100x80000000000000001756588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2b8121bf6948ab2022-02-14 08:47:33.186root 11241100x80000000000000001756589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61aad0226c8648cb2022-02-14 08:47:33.186root 11241100x80000000000000001756590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ade1907a6f0d782022-02-14 08:47:33.186root 11241100x80000000000000001756591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a099f6e84a81d82022-02-14 08:47:33.186root 11241100x80000000000000001756592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee12464e02c58d6b2022-02-14 08:47:33.186root 11241100x80000000000000001756593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd3b7c358e855af2022-02-14 08:47:33.187root 11241100x80000000000000001756594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aeae52af0fe50fa2022-02-14 08:47:33.187root 11241100x80000000000000001756595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e7f9e5c13c02262022-02-14 08:47:33.187root 11241100x80000000000000001756596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77462c8d0bedee32022-02-14 08:47:33.187root 11241100x80000000000000001756597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934fb726444f80852022-02-14 08:47:33.187root 11241100x80000000000000001756598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116d8e43ffcf71442022-02-14 08:47:33.187root 11241100x80000000000000001756599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ed06738436035e2022-02-14 08:47:33.187root 11241100x80000000000000001756600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9478ae813d887092022-02-14 08:47:33.187root 11241100x80000000000000001756601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1255ce5c3bff08d2022-02-14 08:47:33.187root 11241100x80000000000000001756602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d16f9f6a9093642022-02-14 08:47:33.187root 11241100x80000000000000001756603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a47d9c838e0e992022-02-14 08:47:33.187root 11241100x80000000000000001756604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091d55d711450cbb2022-02-14 08:47:33.187root 11241100x80000000000000001756605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487fe21930e04c2f2022-02-14 08:47:33.187root 11241100x80000000000000001756606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32755689136978c2022-02-14 08:47:33.188root 11241100x80000000000000001756607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2b78c5400fbfca2022-02-14 08:47:33.188root 11241100x80000000000000001756608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e9fe4aa7d2d1062022-02-14 08:47:33.188root 11241100x80000000000000001756609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa00ebbdace6fc582022-02-14 08:47:33.188root 11241100x80000000000000001756610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdb1a5b3e9d2b872022-02-14 08:47:33.188root 11241100x80000000000000001756611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1348f995a70104622022-02-14 08:47:33.188root 11241100x80000000000000001756612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e61e672567433c22022-02-14 08:47:33.188root 11241100x80000000000000001756613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2190aa39f5b407672022-02-14 08:47:33.188root 11241100x80000000000000001756614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd2f12a7e670f922022-02-14 08:47:33.188root 11241100x80000000000000001756615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43908c5542415a6c2022-02-14 08:47:33.188root 11241100x80000000000000001756616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da2300eb7138f642022-02-14 08:47:33.188root 11241100x80000000000000001756617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643e2be6d874c3db2022-02-14 08:47:33.188root 11241100x80000000000000001756618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776e3773b43f50422022-02-14 08:47:33.188root 11241100x80000000000000001756619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd95bd172d230b92022-02-14 08:47:33.188root 11241100x80000000000000001756620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9371069f295d61b52022-02-14 08:47:33.188root 11241100x80000000000000001756621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec1bdde5193e4472022-02-14 08:47:33.189root 11241100x80000000000000001756622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f56111799b25df2022-02-14 08:47:33.189root 11241100x80000000000000001756623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689909cc4beb38ed2022-02-14 08:47:33.189root 11241100x80000000000000001756624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7908601748bc6212022-02-14 08:47:33.189root 11241100x80000000000000001756625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b24330693d52e572022-02-14 08:47:33.189root 11241100x80000000000000001756626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a0d9e77d358ab52022-02-14 08:47:33.189root 11241100x80000000000000001756627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4623919ee6b729532022-02-14 08:47:33.189root 11241100x80000000000000001756628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a132854a506fbd42022-02-14 08:47:33.189root 11241100x80000000000000001756629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def3efaedf8db4532022-02-14 08:47:33.189root 11241100x80000000000000001756630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431c724ece95b4dd2022-02-14 08:47:33.189root 11241100x80000000000000001756631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f852404283a14fa2022-02-14 08:47:33.189root 11241100x80000000000000001756632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0a2ff450239bcd2022-02-14 08:47:33.189root 11241100x80000000000000001756633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd35acfb8b41e4372022-02-14 08:47:33.189root 11241100x80000000000000001756634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4231951046b4402022-02-14 08:47:33.189root 11241100x80000000000000001756635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0137fd8e409b3ba92022-02-14 08:47:33.190root 11241100x80000000000000001756636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c291fd07a7d0df92022-02-14 08:47:33.190root 11241100x80000000000000001756637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c20e54fe781cb6e2022-02-14 08:47:33.190root 11241100x80000000000000001756638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e008602ec6055c5e2022-02-14 08:47:33.190root 11241100x80000000000000001756639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c484f2d62fc61c42022-02-14 08:47:33.190root 11241100x80000000000000001756640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0ea6cb6758ff372022-02-14 08:47:33.190root 11241100x80000000000000001756641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603eb6069345242b2022-02-14 08:47:33.190root 11241100x80000000000000001756642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840f6894f237bc9d2022-02-14 08:47:33.190root 11241100x80000000000000001756643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e74b48e7aee7102022-02-14 08:47:33.190root 11241100x80000000000000001756644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac87495ddf8646d72022-02-14 08:47:33.190root 11241100x80000000000000001756645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4cf516cb49fd232022-02-14 08:47:33.190root 11241100x80000000000000001756646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5149e3725bab622022-02-14 08:47:33.190root 11241100x80000000000000001756647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85e2e630165f59b2022-02-14 08:47:33.190root 11241100x80000000000000001756648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a269ca29f87172692022-02-14 08:47:33.190root 11241100x80000000000000001756649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de41c0cca4df09cd2022-02-14 08:47:33.190root 11241100x80000000000000001756650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5b5b9610ede21f2022-02-14 08:47:33.191root 11241100x80000000000000001756651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e701ae9afaf3f21e2022-02-14 08:47:33.191root 11241100x80000000000000001756652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5de4c818956e312022-02-14 08:47:33.191root 11241100x80000000000000001756653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e9a889bb000ec12022-02-14 08:47:33.191root 11241100x80000000000000001756654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e317ba751c66d52022-02-14 08:47:33.191root 11241100x80000000000000001756655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509a2771949bdf052022-02-14 08:47:33.191root 11241100x80000000000000001756656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14588754e8ab3a4f2022-02-14 08:47:33.191root 11241100x80000000000000001756657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b139a3b69b5f982e2022-02-14 08:47:33.191root 11241100x80000000000000001756658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87c89f073f38f7a2022-02-14 08:47:33.191root 11241100x80000000000000001756659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19799dd2682db152022-02-14 08:47:33.191root 11241100x80000000000000001756660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2e67ad81e5bacc2022-02-14 08:47:33.191root 11241100x80000000000000001756661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b147428878f264922022-02-14 08:47:33.191root 11241100x80000000000000001756662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e1c541d9884f382022-02-14 08:47:33.191root 11241100x80000000000000001756663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00dd02470c0b6ef2022-02-14 08:47:33.191root 11241100x80000000000000001756664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73c5c4f4ae596472022-02-14 08:47:33.191root 11241100x80000000000000001756665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53fb1a4e955e1832022-02-14 08:47:33.192root 11241100x80000000000000001756666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874b28df1549f3872022-02-14 08:47:33.192root 11241100x80000000000000001756667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3f95bc02a7d2802022-02-14 08:47:33.192root 11241100x80000000000000001756668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a460eb55fcbbea82022-02-14 08:47:33.192root 11241100x80000000000000001756669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d1627019b0a4aa2022-02-14 08:47:33.192root 11241100x80000000000000001756670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f123fc2ea2c685e52022-02-14 08:47:33.192root 11241100x80000000000000001756671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e38584d0ae3450e2022-02-14 08:47:33.192root 11241100x80000000000000001756672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e992af3ed5a8e9dd2022-02-14 08:47:33.192root 11241100x80000000000000001756673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90594fbc0cde0bd2022-02-14 08:47:33.192root 11241100x80000000000000001756674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9486ebe8e02cbe92022-02-14 08:47:33.192root 11241100x80000000000000001756675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8438d8f2369a83262022-02-14 08:47:33.192root 11241100x80000000000000001756676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44e8144c44faa182022-02-14 08:47:33.192root 11241100x80000000000000001756677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebacb4fce9a3f3f2022-02-14 08:47:33.192root 11241100x80000000000000001756678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8279b4ade93d442022-02-14 08:47:33.192root 11241100x80000000000000001756679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f903ed1fa8f080e42022-02-14 08:47:33.192root 11241100x80000000000000001756680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7d1edf8699e0662022-02-14 08:47:33.193root 11241100x80000000000000001756681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee31d8cc7262791c2022-02-14 08:47:33.193root 11241100x80000000000000001756682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e64badcfbee46f42022-02-14 08:47:33.193root 11241100x80000000000000001756683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bf5346d23d9f7f2022-02-14 08:47:33.193root 11241100x80000000000000001756684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a260b91680135bb52022-02-14 08:47:33.193root 11241100x80000000000000001756685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8776249851737b92022-02-14 08:47:33.193root 11241100x80000000000000001756686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d0f99b94ed87eb2022-02-14 08:47:33.193root 11241100x80000000000000001756687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179f63b54681b0a82022-02-14 08:47:33.193root 11241100x80000000000000001756688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177c36581e4c9f472022-02-14 08:47:33.193root 11241100x80000000000000001756689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b5be47ac16221a2022-02-14 08:47:33.193root 11241100x80000000000000001756690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f961b7b7396c4c512022-02-14 08:47:33.193root 11241100x80000000000000001756691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f3221e2f19dace2022-02-14 08:47:33.193root 11241100x80000000000000001756692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d10844ea0fa2332022-02-14 08:47:33.193root 11241100x80000000000000001756693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed3d10f183ab3ba2022-02-14 08:47:33.193root 11241100x80000000000000001756694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12da14ce6e48e52a2022-02-14 08:47:33.193root 11241100x80000000000000001756695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedfe9e5c4995e0b2022-02-14 08:47:33.194root 11241100x80000000000000001756696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f158a5ed0cb97bb32022-02-14 08:47:33.194root 11241100x80000000000000001756697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba440951570e1a352022-02-14 08:47:33.194root 11241100x80000000000000001756698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827bffbb0aae86212022-02-14 08:47:33.194root 11241100x80000000000000001756699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e702ad29a1e7592022-02-14 08:47:33.194root 11241100x80000000000000001756700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e49beffa39505132022-02-14 08:47:33.194root 11241100x80000000000000001756701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfbb896eacf88c82022-02-14 08:47:33.194root 11241100x80000000000000001756702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e6b8e07351893e2022-02-14 08:47:33.194root 11241100x80000000000000001756703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc00981cb1578a922022-02-14 08:47:33.194root 11241100x80000000000000001756704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b800ad80ad95b532022-02-14 08:47:33.194root 11241100x80000000000000001756705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa113630de76a6f72022-02-14 08:47:33.194root 11241100x80000000000000001756706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4a49da8d78ca012022-02-14 08:47:33.194root 11241100x80000000000000001756707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c3c0d25e0e02122022-02-14 08:47:33.194root 11241100x80000000000000001756708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ac929f11cc599d2022-02-14 08:47:33.194root 11241100x80000000000000001756709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf6fd8d467ed1912022-02-14 08:47:33.194root 11241100x80000000000000001756710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86914f127005f3812022-02-14 08:47:33.195root 11241100x80000000000000001756711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b213c0643eb37ca52022-02-14 08:47:33.195root 11241100x80000000000000001756712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9ea5b69df548362022-02-14 08:47:33.195root 11241100x80000000000000001756713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aedb8493db7e0222022-02-14 08:47:33.195root 11241100x80000000000000001756714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6a406b9c030ced2022-02-14 08:47:33.195root 11241100x80000000000000001756715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0644eb4b82d46d2022-02-14 08:47:33.195root 11241100x80000000000000001756716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4399258b2d836e582022-02-14 08:47:33.195root 11241100x80000000000000001756717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af0e6ebc853f5b82022-02-14 08:47:33.195root 11241100x80000000000000001756718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2626326d9cf795a42022-02-14 08:47:33.195root 11241100x80000000000000001756719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcf26632d4c1b7b2022-02-14 08:47:33.195root 11241100x80000000000000001756720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28faeb090a6e7dc2022-02-14 08:47:33.195root 11241100x80000000000000001756721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f895ee56e356de2022-02-14 08:47:33.196root 11241100x80000000000000001756722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f69c55a334c0cad2022-02-14 08:47:33.196root 11241100x80000000000000001756723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c8ea8dd3ec326e2022-02-14 08:47:33.680root 11241100x80000000000000001756724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5385d3386bf719e32022-02-14 08:47:33.680root 11241100x80000000000000001756725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a296173b5f7255122022-02-14 08:47:33.680root 11241100x80000000000000001756726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f427e55c5b5c7d2022-02-14 08:47:33.680root 11241100x80000000000000001756727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db3d97d62a795092022-02-14 08:47:33.680root 11241100x80000000000000001756728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d0dd29549d1e9e2022-02-14 08:47:33.680root 11241100x80000000000000001756729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479f9b0e006e05282022-02-14 08:47:33.680root 11241100x80000000000000001756730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b542b2a1f15d6cc92022-02-14 08:47:33.681root 11241100x80000000000000001756731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824d17335726fc5e2022-02-14 08:47:33.681root 11241100x80000000000000001756732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca34e150ba8040c02022-02-14 08:47:33.681root 11241100x80000000000000001756733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0358400a49a41c2022-02-14 08:47:33.681root 11241100x80000000000000001756734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ca76a6b1493c092022-02-14 08:47:33.681root 11241100x80000000000000001756735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93be0772df3fcae2022-02-14 08:47:33.681root 11241100x80000000000000001756736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119ca14371eec84f2022-02-14 08:47:33.681root 11241100x80000000000000001756737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0c4fb3d8dac49e2022-02-14 08:47:33.681root 11241100x80000000000000001756738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4f1a18db43a4512022-02-14 08:47:33.681root 11241100x80000000000000001756739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d658f2fb460478ff2022-02-14 08:47:33.681root 11241100x80000000000000001756740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17cb1a5a90039262022-02-14 08:47:33.681root 11241100x80000000000000001756741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8d8063d36fc9142022-02-14 08:47:33.681root 11241100x80000000000000001756742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a487decfd650a0a2022-02-14 08:47:33.681root 11241100x80000000000000001756743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653aaba895bfc9512022-02-14 08:47:33.681root 11241100x80000000000000001756744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2692681b04cfb9eb2022-02-14 08:47:33.682root 11241100x80000000000000001756745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b8e8289c860f102022-02-14 08:47:33.682root 11241100x80000000000000001756746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09579448a34937c32022-02-14 08:47:33.682root 11241100x80000000000000001756747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d934898c2ae5b9e82022-02-14 08:47:33.682root 11241100x80000000000000001756748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9647a81d2f65ee692022-02-14 08:47:33.682root 11241100x80000000000000001756749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942f5cd4f3096c662022-02-14 08:47:33.682root 11241100x80000000000000001756750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ecdaee11ba45b32022-02-14 08:47:33.682root 11241100x80000000000000001756751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc8c83d053c049b2022-02-14 08:47:33.682root 11241100x80000000000000001756752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d477bbe4cb89f8242022-02-14 08:47:33.682root 11241100x80000000000000001756753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c148ef0d141b40702022-02-14 08:47:33.682root 11241100x80000000000000001756754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2920103c0b240482022-02-14 08:47:33.682root 11241100x80000000000000001756755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5265acd0693d31302022-02-14 08:47:33.682root 11241100x80000000000000001756756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9649e540870623342022-02-14 08:47:33.682root 11241100x80000000000000001756757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d57bcbbf5636332022-02-14 08:47:33.683root 11241100x80000000000000001756758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b501ac87196b032022-02-14 08:47:33.683root 11241100x80000000000000001756759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d24c963c1f43b22022-02-14 08:47:33.683root 11241100x80000000000000001756760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ea971001a94da42022-02-14 08:47:33.683root 11241100x80000000000000001756761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49a6248e4f8d4872022-02-14 08:47:33.683root 11241100x80000000000000001756762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376a27243b71e74f2022-02-14 08:47:33.683root 11241100x80000000000000001756763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cbac37144090532022-02-14 08:47:33.683root 11241100x80000000000000001756764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461a2343b575ee272022-02-14 08:47:33.683root 11241100x80000000000000001756765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22539e56db80cc442022-02-14 08:47:33.683root 11241100x80000000000000001756766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a5a08f6ec4acdb2022-02-14 08:47:33.683root 11241100x80000000000000001756767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4218f0e6e2c68ac2022-02-14 08:47:33.683root 11241100x80000000000000001756768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a211b412aaf808b62022-02-14 08:47:33.683root 11241100x80000000000000001756769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934fc0c56fb988582022-02-14 08:47:33.683root 11241100x80000000000000001756770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11988107422bf8922022-02-14 08:47:33.683root 11241100x80000000000000001756771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2c881eb448a9c32022-02-14 08:47:33.683root 11241100x80000000000000001756772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05361c81ec659b42022-02-14 08:47:33.684root 11241100x80000000000000001756773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ebf7594696b3cf2022-02-14 08:47:33.684root 11241100x80000000000000001756774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd854bd7a71eb9f2022-02-14 08:47:33.684root 11241100x80000000000000001756775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6b2bb1cd10c9832022-02-14 08:47:33.684root 11241100x80000000000000001756776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f44c91d8dae96b2022-02-14 08:47:33.684root 11241100x80000000000000001756777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141e6a1f92ce96b62022-02-14 08:47:33.684root 11241100x80000000000000001756778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14eb9b48540599832022-02-14 08:47:33.684root 11241100x80000000000000001756779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48ffc152f6325022022-02-14 08:47:33.684root 11241100x80000000000000001756780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cacfb57e94f97a2022-02-14 08:47:33.684root 11241100x80000000000000001756781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65117aef2ab1b9442022-02-14 08:47:33.684root 11241100x80000000000000001756782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bda424c8d917732022-02-14 08:47:33.684root 11241100x80000000000000001756783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1de86fdd441ebfa2022-02-14 08:47:33.684root 11241100x80000000000000001756784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2be7ae605fb7422022-02-14 08:47:33.684root 11241100x80000000000000001756785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46820089433664fe2022-02-14 08:47:33.684root 11241100x80000000000000001756786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e81be3ed991829e2022-02-14 08:47:33.684root 11241100x80000000000000001756787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a73c5d4ee46a682022-02-14 08:47:33.684root 11241100x80000000000000001756788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51224c31280d46de2022-02-14 08:47:33.685root 11241100x80000000000000001756789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8f7d84401cb1cc2022-02-14 08:47:33.685root 11241100x80000000000000001756790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5c1f202f9c95252022-02-14 08:47:33.685root 11241100x80000000000000001756791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334aeec97fe4cbd72022-02-14 08:47:33.685root 11241100x80000000000000001756792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583ef7cc4f6e37c12022-02-14 08:47:33.685root 11241100x80000000000000001756793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee40254e05ab7ad2022-02-14 08:47:33.685root 11241100x80000000000000001756794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ece7bd5c578abef2022-02-14 08:47:33.685root 11241100x80000000000000001756795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef38ba9ffdbcb272022-02-14 08:47:33.685root 11241100x80000000000000001756796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14057745f64f66ea2022-02-14 08:47:33.685root 11241100x80000000000000001756797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4e6bafb27abdd72022-02-14 08:47:33.685root 11241100x80000000000000001756798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a4eb67ca5b98f02022-02-14 08:47:33.685root 11241100x80000000000000001756799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01322aeaf5d86ec02022-02-14 08:47:33.685root 11241100x80000000000000001756800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8334648fcb5ca012022-02-14 08:47:33.685root 11241100x80000000000000001756801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.685{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c124c84fa5d20bc92022-02-14 08:47:33.685root 11241100x80000000000000001756802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bf97302790da912022-02-14 08:47:33.686root 11241100x80000000000000001756803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599e44278d7a74db2022-02-14 08:47:33.686root 11241100x80000000000000001756804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6073cab7fe19b9862022-02-14 08:47:33.686root 11241100x80000000000000001756805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ccad2fe00883ad2022-02-14 08:47:33.686root 11241100x80000000000000001756806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9b60aa51012f0e2022-02-14 08:47:33.686root 11241100x80000000000000001756807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cab191ace47efe32022-02-14 08:47:33.686root 11241100x80000000000000001756808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ced1883791107922022-02-14 08:47:33.686root 11241100x80000000000000001756809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b107f8a09964e0c2022-02-14 08:47:33.686root 11241100x80000000000000001756810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7745d36832ab1a12022-02-14 08:47:33.686root 11241100x80000000000000001756811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171bd7411817ed712022-02-14 08:47:33.686root 11241100x80000000000000001756812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a82fc2a3d404e6e2022-02-14 08:47:33.686root 11241100x80000000000000001756813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56888a685e867e1c2022-02-14 08:47:33.686root 11241100x80000000000000001756814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a590cadf2a2c3342022-02-14 08:47:33.687root 11241100x80000000000000001756815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63a69a8677fa55b2022-02-14 08:47:33.687root 11241100x80000000000000001756816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad87d15f796e7c942022-02-14 08:47:33.687root 11241100x80000000000000001756817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335781b0e94ba1c12022-02-14 08:47:33.687root 11241100x80000000000000001756818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c424f7898ba713702022-02-14 08:47:33.687root 11241100x80000000000000001756819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b44e218cdd5a252022-02-14 08:47:33.687root 11241100x80000000000000001756820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e336ae581c302c9b2022-02-14 08:47:33.687root 11241100x80000000000000001756821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0762c3b75a58a162022-02-14 08:47:33.687root 11241100x80000000000000001756822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66286d73472fc0242022-02-14 08:47:33.687root 11241100x80000000000000001756823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc0aba4b95d953f2022-02-14 08:47:33.687root 11241100x80000000000000001756824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb9fac3d039d3892022-02-14 08:47:33.687root 11241100x80000000000000001756825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61f56749556472d2022-02-14 08:47:33.688root 11241100x80000000000000001756826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bb9d5945527e252022-02-14 08:47:33.688root 11241100x80000000000000001756827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a887bf57aedbe82022-02-14 08:47:33.688root 11241100x80000000000000001756828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1a46487cf92bfa2022-02-14 08:47:33.688root 11241100x80000000000000001756829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a83fd045f87cea2022-02-14 08:47:33.688root 11241100x80000000000000001756830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643646ac649304c22022-02-14 08:47:33.688root 11241100x80000000000000001756831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ec0ea4669ea0132022-02-14 08:47:33.688root 11241100x80000000000000001756832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6185c856f53bc4042022-02-14 08:47:33.688root 11241100x80000000000000001756833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4281f3af3dca66ce2022-02-14 08:47:33.688root 11241100x80000000000000001756834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694663270e086d812022-02-14 08:47:33.688root 11241100x80000000000000001756835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5895e7990a78414a2022-02-14 08:47:33.688root 11241100x80000000000000001756836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffaf5c948d8c6002022-02-14 08:47:33.688root 11241100x80000000000000001756837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0473f321274ef6e92022-02-14 08:47:33.689root 11241100x80000000000000001756838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6dbb54336fd2782022-02-14 08:47:33.689root 11241100x80000000000000001756839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af8f3260b27f4c72022-02-14 08:47:33.689root 11241100x80000000000000001756840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c84bcdae0bd1342022-02-14 08:47:33.689root 11241100x80000000000000001756841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbde85d7d1ffaac2022-02-14 08:47:33.689root 11241100x80000000000000001756842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd20215ddb1cab192022-02-14 08:47:33.689root 11241100x80000000000000001756843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a71f9df27072df2022-02-14 08:47:33.689root 11241100x80000000000000001756844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a507d04dd8aaee312022-02-14 08:47:33.689root 11241100x80000000000000001756845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680f0e4121b8d4292022-02-14 08:47:33.689root 11241100x80000000000000001756846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.689{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629ef5ef28f9b1c12022-02-14 08:47:33.689root 11241100x80000000000000001756847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9e3ea475021b9a2022-02-14 08:47:33.690root 11241100x80000000000000001756848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6022a6578faa21b32022-02-14 08:47:33.690root 11241100x80000000000000001756849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cc9fdf3d965b792022-02-14 08:47:33.690root 11241100x80000000000000001756850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd8f0c26aef0ab92022-02-14 08:47:33.690root 11241100x80000000000000001756851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3d4b9ea507e58c2022-02-14 08:47:33.690root 11241100x80000000000000001756852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216b977efa640d022022-02-14 08:47:33.695root 11241100x80000000000000001756853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.695{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ebbc6d54a7fd3b2022-02-14 08:47:33.695root 11241100x80000000000000001756854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f835002f1ed268c72022-02-14 08:47:33.696root 11241100x80000000000000001756855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b8cf46e8ff8b9c2022-02-14 08:47:33.696root 11241100x80000000000000001756856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b5cd4600f426692022-02-14 08:47:33.696root 11241100x80000000000000001756857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3468b966836d5fe22022-02-14 08:47:33.696root 11241100x80000000000000001756858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.696{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28b99f2e21d4b262022-02-14 08:47:33.696root 11241100x80000000000000001756859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7245d518606a10d2022-02-14 08:47:33.697root 11241100x80000000000000001756860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf46232e04aa9f02022-02-14 08:47:33.697root 11241100x80000000000000001756861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.697{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0499ffff27d2892022-02-14 08:47:33.697root 11241100x80000000000000001756862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cedf19dea6d37112022-02-14 08:47:33.698root 11241100x80000000000000001756863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d10345f1ce458d02022-02-14 08:47:33.698root 11241100x80000000000000001756864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.698{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87eeab6867e798f2022-02-14 08:47:33.698root 11241100x80000000000000001756865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbafdd4720c675f2022-02-14 08:47:33.699root 11241100x80000000000000001756866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.699{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaae06ebf859fd152022-02-14 08:47:33.699root 11241100x80000000000000001756867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.700{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6dcee3aee8ff602022-02-14 08:47:33.700root 11241100x80000000000000001756868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.701{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27265fbf148a7272022-02-14 08:47:33.701root 11241100x80000000000000001756869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577ad563a24266412022-02-14 08:47:33.702root 11241100x80000000000000001756870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.702{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9402624a2ae5562022-02-14 08:47:33.702root 11241100x80000000000000001756871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcc42bb0acb30202022-02-14 08:47:33.703root 11241100x80000000000000001756872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.703{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c302af923244fc5d2022-02-14 08:47:33.703root 11241100x80000000000000001756873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85fd8e3f3be173e2022-02-14 08:47:33.704root 11241100x80000000000000001756874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72591c752381cd42022-02-14 08:47:33.704root 11241100x80000000000000001756875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.704{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113f7eaed0230dfe2022-02-14 08:47:33.704root 11241100x80000000000000001756876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.705{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb48044e3c4a1e12022-02-14 08:47:33.705root 11241100x80000000000000001756877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.706{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4491fd870ec8f90c2022-02-14 08:47:33.706root 11241100x80000000000000001756878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.707{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f7a08d3033520d2022-02-14 08:47:33.707root 11241100x80000000000000001756879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.707{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e80e3dce4ed305c2022-02-14 08:47:33.707root 11241100x80000000000000001756880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.707{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ebcc5e9ae8c6542022-02-14 08:47:33.707root 11241100x80000000000000001756881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676a90dca7fe8a2b2022-02-14 08:47:33.708root 11241100x80000000000000001756882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fddbcb645602a102022-02-14 08:47:33.708root 11241100x80000000000000001756883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225f09959a1eca0f2022-02-14 08:47:33.708root 11241100x80000000000000001756884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e0871c9948c94a2022-02-14 08:47:33.708root 11241100x80000000000000001756885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.708{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192e23a5553821272022-02-14 08:47:33.708root 11241100x80000000000000001756886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76b12834b4189622022-02-14 08:47:33.709root 11241100x80000000000000001756887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee0d2b1987877512022-02-14 08:47:33.709root 11241100x80000000000000001756888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1374cd9a42e1e7fd2022-02-14 08:47:33.709root 11241100x80000000000000001756889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752acb50247ad6522022-02-14 08:47:33.709root 11241100x80000000000000001756890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.709{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c011ac8bbf70492022-02-14 08:47:33.709root 11241100x80000000000000001756891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9296b291c2981f72022-02-14 08:47:33.710root 11241100x80000000000000001756892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5bd5d37f2ba6b12022-02-14 08:47:33.710root 11241100x80000000000000001756893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c06145fd07013b2022-02-14 08:47:33.710root 11241100x80000000000000001756894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.710{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020c96b1053fee722022-02-14 08:47:33.710root 11241100x80000000000000001756895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.711{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383e4785eefd1cd42022-02-14 08:47:33.711root 11241100x80000000000000001756896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.711{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6baa82846596b86d2022-02-14 08:47:33.711root 11241100x80000000000000001756897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.711{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78ef90b2d17cb212022-02-14 08:47:33.711root 11241100x80000000000000001756898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.711{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac19fa8fab221b32022-02-14 08:47:33.711root 11241100x80000000000000001756899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.712{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb8f4ca71db9f0f2022-02-14 08:47:33.712root 11241100x80000000000000001756900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.712{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bbdeb5af2ee7de2022-02-14 08:47:33.712root 11241100x80000000000000001756901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.712{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61b79097f8c12d02022-02-14 08:47:33.712root 11241100x80000000000000001756902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.712{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadb377bc5d2a2ba2022-02-14 08:47:33.712root 11241100x80000000000000001756903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.712{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a9c2c7ea53602c2022-02-14 08:47:33.712root 11241100x80000000000000001756904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a6143666d67fad2022-02-14 08:47:33.713root 11241100x80000000000000001756905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.713{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995f991e32c3713e2022-02-14 08:47:33.713root 11241100x80000000000000001756906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.714{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982e20a6c64567902022-02-14 08:47:33.714root 11241100x80000000000000001756907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.714{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67dfdeb096c2f9e42022-02-14 08:47:33.714root 11241100x80000000000000001756908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.714{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabd88c2d3efb5292022-02-14 08:47:33.714root 11241100x80000000000000001756909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.714{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705a990d68cb2ec92022-02-14 08:47:33.714root 11241100x80000000000000001756910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.714{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4368ca8d96939d232022-02-14 08:47:33.714root 11241100x80000000000000001756911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.714{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf7905093434a932022-02-14 08:47:33.714root 11241100x80000000000000001756912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde1a4963da6649b2022-02-14 08:47:33.715root 11241100x80000000000000001756913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b709056c0f6ebae2022-02-14 08:47:33.715root 11241100x80000000000000001756914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cecae3453e882832022-02-14 08:47:33.715root 11241100x80000000000000001756915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176931d9f33c71212022-02-14 08:47:33.715root 11241100x80000000000000001756916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.715{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cc065e253402cb2022-02-14 08:47:33.715root 11241100x80000000000000001756917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.716{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec15791979a63e862022-02-14 08:47:33.716root 11241100x80000000000000001756918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.716{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a6aa1c1d05dd312022-02-14 08:47:33.716root 11241100x80000000000000001756919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.716{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e242660f49d98402022-02-14 08:47:33.716root 11241100x80000000000000001756920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.716{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd62ac108d7f8bb72022-02-14 08:47:33.716root 11241100x80000000000000001756921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.716{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280727cd423981822022-02-14 08:47:33.716root 11241100x80000000000000001756922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.717{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131af026af97dfc42022-02-14 08:47:33.717root 11241100x80000000000000001756923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.717{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abb5e9716afebd12022-02-14 08:47:33.717root 11241100x80000000000000001756924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.717{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a50a7de51b98b22022-02-14 08:47:33.717root 11241100x80000000000000001756925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.717{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d98ae1e8b2db9e2022-02-14 08:47:33.717root 11241100x80000000000000001756926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.717{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef6afbbde1d8d272022-02-14 08:47:33.717root 11241100x80000000000000001756927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.718{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c15f032642f4cfc2022-02-14 08:47:33.718root 11241100x80000000000000001756928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.718{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296dde539fc0a7132022-02-14 08:47:33.718root 11241100x80000000000000001756929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.718{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd922920a95f8682022-02-14 08:47:33.718root 11241100x80000000000000001756930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.718{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e2dd438401ae992022-02-14 08:47:33.718root 11241100x80000000000000001756931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.718{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397c77b3dbdba4352022-02-14 08:47:33.718root 11241100x80000000000000001756932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.718{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4860de0cf579342022-02-14 08:47:33.718root 11241100x80000000000000001756933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.718{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e2679045f0072e2022-02-14 08:47:33.718root 11241100x80000000000000001756934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.718{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2acc5987608a2832022-02-14 08:47:33.718root 11241100x80000000000000001756935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8bdb5f77d6173b12022-02-14 08:47:33.719root 11241100x80000000000000001756936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533c6b14f8ea3cc52022-02-14 08:47:33.719root 11241100x80000000000000001756937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd9fcea4b8807a12022-02-14 08:47:33.719root 11241100x80000000000000001756938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718de708544e29012022-02-14 08:47:33.719root 11241100x80000000000000001756939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64580a239dfc5cbe2022-02-14 08:47:33.719root 11241100x80000000000000001756940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097416bcebf5366b2022-02-14 08:47:33.719root 11241100x80000000000000001756941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.719{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e329fae46504b922022-02-14 08:47:33.719root 11241100x80000000000000001756942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2591214bfb94a6f72022-02-14 08:47:33.720root 11241100x80000000000000001756943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e073dcae32ab712022-02-14 08:47:33.720root 11241100x80000000000000001756944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6075e7241cb8272022-02-14 08:47:33.720root 11241100x80000000000000001756945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e4611c09597a6f2022-02-14 08:47:33.720root 11241100x80000000000000001756946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c9eb1f1c54a7c82022-02-14 08:47:33.720root 11241100x80000000000000001756947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf27a06aadcd39f2022-02-14 08:47:33.720root 11241100x80000000000000001756948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.720{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0208e2157efa4e862022-02-14 08:47:33.720root 11241100x80000000000000001756949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb0762eb5d1459a2022-02-14 08:47:33.721root 11241100x80000000000000001756950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144bc120d36899ea2022-02-14 08:47:33.721root 11241100x80000000000000001756951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1ae0a17fcaa0cd2022-02-14 08:47:33.721root 11241100x80000000000000001756952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de2818f2ecee3882022-02-14 08:47:33.721root 11241100x80000000000000001756953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f906fc3c66fd9a62022-02-14 08:47:33.721root 11241100x80000000000000001756954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adeeb5a833bf4fb2022-02-14 08:47:33.721root 11241100x80000000000000001756955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77aa60d7b255a8c2022-02-14 08:47:33.721root 11241100x80000000000000001756956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.721{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bc8e390b3bef662022-02-14 08:47:33.721root 11241100x80000000000000001756957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb8f060a332a8ff2022-02-14 08:47:33.722root 11241100x80000000000000001756958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54383ca70c40876b2022-02-14 08:47:33.722root 11241100x80000000000000001756959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b021476d4f8f672022-02-14 08:47:33.722root 11241100x80000000000000001756960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d0b994776337482022-02-14 08:47:33.722root 11241100x80000000000000001756961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dad7fb8df5beeb2022-02-14 08:47:33.722root 11241100x80000000000000001756962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246a2ac0d9d8fe272022-02-14 08:47:33.722root 11241100x80000000000000001756963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.722{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e0c358cf663ed22022-02-14 08:47:33.722root 11241100x80000000000000001756964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184e6e637ae6c27c2022-02-14 08:47:33.723root 11241100x80000000000000001756965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542e5f3af12366cf2022-02-14 08:47:33.723root 11241100x80000000000000001756966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26079ea6bfaa77c2022-02-14 08:47:33.723root 11241100x80000000000000001756967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88e42465035e8c02022-02-14 08:47:33.723root 11241100x80000000000000001756968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bcb372552f3d082022-02-14 08:47:33.723root 11241100x80000000000000001756969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29115c74997064b92022-02-14 08:47:33.723root 11241100x80000000000000001756970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f22af98afe6346c2022-02-14 08:47:33.723root 11241100x80000000000000001756971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.723{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1b7b7f040692172022-02-14 08:47:33.723root 11241100x80000000000000001756972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f28f59291c60282022-02-14 08:47:33.724root 11241100x80000000000000001756973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fde7f4efc484032022-02-14 08:47:33.724root 11241100x80000000000000001756974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3362bfc2bad07c2022-02-14 08:47:33.724root 11241100x80000000000000001756975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1addd1a73ce061892022-02-14 08:47:33.724root 11241100x80000000000000001756976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566cc02e900a496b2022-02-14 08:47:33.724root 11241100x80000000000000001756977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.724{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4848d539f3dffb2022-02-14 08:47:33.724root 11241100x80000000000000001756978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b2d1eb51b4d21e2022-02-14 08:47:33.725root 11241100x80000000000000001756979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb700993aaf168a02022-02-14 08:47:33.725root 11241100x80000000000000001756980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8927ddf51d2512e2022-02-14 08:47:33.725root 11241100x80000000000000001756981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f578f7b925cbcb562022-02-14 08:47:33.725root 11241100x80000000000000001756982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e949b915bfc1c4b52022-02-14 08:47:33.725root 11241100x80000000000000001756983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37b3c826bb694aa2022-02-14 08:47:33.725root 11241100x80000000000000001756984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.725{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e37b318777008ba2022-02-14 08:47:33.725root 11241100x80000000000000001756985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1699e251fe9fa092022-02-14 08:47:33.727root 11241100x80000000000000001756986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e555f4d0c6d07b522022-02-14 08:47:33.727root 11241100x80000000000000001756987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb95e2d6f2b12eee2022-02-14 08:47:33.727root 11241100x80000000000000001756988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4160e32ac0619aae2022-02-14 08:47:33.727root 11241100x80000000000000001756989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6d382d99b6559f2022-02-14 08:47:33.727root 11241100x80000000000000001756990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31469808a5c76b0d2022-02-14 08:47:33.727root 11241100x80000000000000001756991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b495ac05eea4822f2022-02-14 08:47:33.727root 11241100x80000000000000001756992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24518f6de9b296292022-02-14 08:47:33.727root 11241100x80000000000000001756993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f606b451669c2b2022-02-14 08:47:33.727root 11241100x80000000000000001756994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36013030ecbfe27d2022-02-14 08:47:33.727root 11241100x80000000000000001756995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb11532d4e6d9c202022-02-14 08:47:33.727root 11241100x80000000000000001756996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a079f32e5331acf2022-02-14 08:47:33.727root 11241100x80000000000000001756997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.727{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb49ad8edfc557d2022-02-14 08:47:33.727root 11241100x80000000000000001756998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70a98d05600df232022-02-14 08:47:33.728root 11241100x80000000000000001756999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c6f91b827d53ce2022-02-14 08:47:33.728root 11241100x80000000000000001757000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17aba923ae7e33752022-02-14 08:47:33.728root 11241100x80000000000000001757001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85692174ff17154a2022-02-14 08:47:33.728root 11241100x80000000000000001757002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505c61f8bc2b9ec12022-02-14 08:47:33.728root 11241100x80000000000000001757003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba670538b1b2857b2022-02-14 08:47:33.728root 11241100x80000000000000001757004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87477d1d617acfc32022-02-14 08:47:33.728root 11241100x80000000000000001757005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8decc059beef26572022-02-14 08:47:33.728root 11241100x80000000000000001757006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261095c3d61646752022-02-14 08:47:33.728root 11241100x80000000000000001757007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87b209a48bda6342022-02-14 08:47:33.728root 11241100x80000000000000001757008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b8385c6ad0f0372022-02-14 08:47:33.728root 11241100x80000000000000001757009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756e5c1ad13610582022-02-14 08:47:33.728root 11241100x80000000000000001757010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce68c7f8352ac8902022-02-14 08:47:33.728root 11241100x80000000000000001757011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c757c15be1e3b7722022-02-14 08:47:33.728root 11241100x80000000000000001757012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ece3b99c0d0fec2022-02-14 08:47:33.728root 11241100x80000000000000001757013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.728{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322265b27196c8402022-02-14 08:47:33.728root 11241100x80000000000000001757014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a3b1d49f232dfe2022-02-14 08:47:33.729root 11241100x80000000000000001757015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8e6f08356bef022022-02-14 08:47:33.729root 11241100x80000000000000001757016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b90af39e249e642022-02-14 08:47:33.729root 11241100x80000000000000001757017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00b8d4b521f2de52022-02-14 08:47:33.729root 11241100x80000000000000001757018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020c53d296aef3302022-02-14 08:47:33.729root 11241100x80000000000000001757019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63638c2a1ec51a62022-02-14 08:47:33.729root 11241100x80000000000000001757020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa151b7ac24dec262022-02-14 08:47:33.729root 11241100x80000000000000001757021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.729{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac93407093aea4522022-02-14 08:47:33.729root 11241100x80000000000000001757022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e5881fdd9f09e22022-02-14 08:47:33.730root 11241100x80000000000000001757023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b865928c7c5adfc32022-02-14 08:47:33.730root 11241100x80000000000000001757024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6854a55073444b2022-02-14 08:47:33.730root 11241100x80000000000000001757025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97fe74f9a51a53a2022-02-14 08:47:33.730root 11241100x80000000000000001757026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e2ac79538b0f512022-02-14 08:47:33.730root 11241100x80000000000000001757027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741ac8628167391c2022-02-14 08:47:33.730root 11241100x80000000000000001757028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.730{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcc9a2b32d9d24c2022-02-14 08:47:33.730root 11241100x80000000000000001757029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9dd0adbdb4fcc22022-02-14 08:47:33.731root 11241100x80000000000000001757030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7282c559df0a9a2022-02-14 08:47:33.731root 11241100x80000000000000001757031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1167e0026adc877a2022-02-14 08:47:33.731root 11241100x80000000000000001757032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e27a563c05c05002022-02-14 08:47:33.731root 11241100x80000000000000001757033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b5eaa8714267e92022-02-14 08:47:33.731root 11241100x80000000000000001757034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1811b027a0d35ffc2022-02-14 08:47:33.731root 11241100x80000000000000001757035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99d250faf91e6f52022-02-14 08:47:33.731root 11241100x80000000000000001757036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.731{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d6bb65ea3fbc792022-02-14 08:47:33.731root 11241100x80000000000000001757037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7425f0e9ec384902022-02-14 08:47:33.732root 11241100x80000000000000001757038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3770be0f0ea58de2022-02-14 08:47:33.732root 11241100x80000000000000001757039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa265b85cea313c42022-02-14 08:47:33.732root 11241100x80000000000000001757040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7c73c8bf59aac22022-02-14 08:47:33.732root 11241100x80000000000000001757041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524ab92896fa3afd2022-02-14 08:47:33.732root 11241100x80000000000000001757042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960e326ea379c6792022-02-14 08:47:33.732root 11241100x80000000000000001757043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f14722c334bcb82022-02-14 08:47:33.732root 11241100x80000000000000001757044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.732{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce20c04091d7d3532022-02-14 08:47:33.732root 11241100x80000000000000001757045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5522431e7b4c687a2022-02-14 08:47:33.733root 11241100x80000000000000001757046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632298ae487266912022-02-14 08:47:33.733root 11241100x80000000000000001757047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbedb513712328a2022-02-14 08:47:33.733root 11241100x80000000000000001757048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb04a8b9cfeb50f2022-02-14 08:47:33.733root 11241100x80000000000000001757049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.733{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909401beb05939a42022-02-14 08:47:33.733root 11241100x80000000000000001757050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04344bca4743a8c2022-02-14 08:47:33.734root 11241100x80000000000000001757051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61427c0f7b18f7752022-02-14 08:47:33.734root 11241100x80000000000000001757052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6ef7dfce43157d2022-02-14 08:47:33.734root 11241100x80000000000000001757053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bd34362defa44e2022-02-14 08:47:33.734root 11241100x80000000000000001757054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192efdc07ce5f9942022-02-14 08:47:33.734root 11241100x80000000000000001757055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f27cd45d26337a2022-02-14 08:47:33.734root 11241100x80000000000000001757056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25f3c3e945f49442022-02-14 08:47:33.734root 11241100x80000000000000001757057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068fdf2f3933d7d62022-02-14 08:47:33.734root 11241100x80000000000000001757058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8c7b5b570f30ab2022-02-14 08:47:33.734root 11241100x80000000000000001757059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc18f78f9aab3ab82022-02-14 08:47:33.734root 11241100x80000000000000001757060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42729b870a1e618a2022-02-14 08:47:33.734root 11241100x80000000000000001757061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ebdf5d129477f12022-02-14 08:47:33.734root 11241100x80000000000000001757062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.734{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a14e78aed3088962022-02-14 08:47:33.734root 11241100x80000000000000001757063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75a89e36c4895af2022-02-14 08:47:33.735root 11241100x80000000000000001757064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b808aa3fd3d201252022-02-14 08:47:33.735root 11241100x80000000000000001757065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f73dc5f0235e1b02022-02-14 08:47:33.735root 11241100x80000000000000001757066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5d346d52fb82e32022-02-14 08:47:33.735root 11241100x80000000000000001757067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fffa9ee1b15d852022-02-14 08:47:33.735root 11241100x80000000000000001757068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d76960949ea46232022-02-14 08:47:33.735root 11241100x80000000000000001757069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0d0d53e4772b4e2022-02-14 08:47:33.735root 11241100x80000000000000001757070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d025421c109aaf92022-02-14 08:47:33.735root 11241100x80000000000000001757071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7616499bdff2d7492022-02-14 08:47:33.735root 11241100x80000000000000001757072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9429d880306d782022-02-14 08:47:33.735root 11241100x80000000000000001757073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de39d3056948637f2022-02-14 08:47:33.735root 11241100x80000000000000001757074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248a95c0b8c5cbc52022-02-14 08:47:33.735root 11241100x80000000000000001757075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c065eaf7ac20a72022-02-14 08:47:33.735root 11241100x80000000000000001757076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.735{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b44a555a4a86e02022-02-14 08:47:33.735root 11241100x80000000000000001757077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cac1ff8172d79662022-02-14 08:47:33.736root 11241100x80000000000000001757078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982308ff7c6110b92022-02-14 08:47:33.736root 11241100x80000000000000001757079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e67020730ca2c12022-02-14 08:47:33.736root 11241100x80000000000000001757080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b24c031f3385702022-02-14 08:47:33.736root 11241100x80000000000000001757081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3549de6921fc3272022-02-14 08:47:33.736root 11241100x80000000000000001757082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6831842fed6b832e2022-02-14 08:47:33.736root 11241100x80000000000000001757083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abac9b7af1d15a682022-02-14 08:47:33.736root 11241100x80000000000000001757084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca6c88e663bc7832022-02-14 08:47:33.736root 11241100x80000000000000001757085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a2b741eeb004d02022-02-14 08:47:33.736root 11241100x80000000000000001757086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9e3db17705c7922022-02-14 08:47:33.736root 11241100x80000000000000001757087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0678eafeb54425fa2022-02-14 08:47:33.736root 11241100x80000000000000001757088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69883e934d495dbc2022-02-14 08:47:33.736root 11241100x80000000000000001757089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dacd339ca698492022-02-14 08:47:33.736root 11241100x80000000000000001757090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.736{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24724448145a60412022-02-14 08:47:33.736root 11241100x80000000000000001757091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.737{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765121cf39f6d23d2022-02-14 08:47:33.737root 11241100x80000000000000001757092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.737{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa311f9bb267eeb92022-02-14 08:47:33.737root 11241100x80000000000000001757093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.737{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d843afe5926b088b2022-02-14 08:47:33.737root 11241100x80000000000000001757094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.737{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4ace67973a0f0c2022-02-14 08:47:33.737root 11241100x80000000000000001757095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:33.737{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a442ca4fc21cf0b2022-02-14 08:47:33.737root 11241100x80000000000000001757096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1411ccbb3f1b61052022-02-14 08:47:34.180root 11241100x80000000000000001757097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85afe7adef2a79632022-02-14 08:47:34.180root 11241100x80000000000000001757098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1940a04b6fb3e98a2022-02-14 08:47:34.180root 11241100x80000000000000001757099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27ba23fb93020222022-02-14 08:47:34.181root 11241100x80000000000000001757100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bf266bd378212e2022-02-14 08:47:34.181root 11241100x80000000000000001757101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c069ca3d9680ac2022-02-14 08:47:34.181root 11241100x80000000000000001757102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6bd6a46af8d48e2022-02-14 08:47:34.181root 11241100x80000000000000001757103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c174d5a7e612aa2022-02-14 08:47:34.181root 11241100x80000000000000001757104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4415bcd10eb7caa2022-02-14 08:47:34.181root 11241100x80000000000000001757105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6da1901e15d55552022-02-14 08:47:34.181root 11241100x80000000000000001757106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c8650c2c2300c62022-02-14 08:47:34.182root 11241100x80000000000000001757107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66895ba3f52ea3b02022-02-14 08:47:34.182root 11241100x80000000000000001757108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c61790c67471c92022-02-14 08:47:34.182root 11241100x80000000000000001757109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70abfaee7d11d97d2022-02-14 08:47:34.182root 11241100x80000000000000001757110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4a2200553702352022-02-14 08:47:34.183root 11241100x80000000000000001757111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb8d023df1b86d62022-02-14 08:47:34.183root 11241100x80000000000000001757112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.183{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f067b48c57aa90aa2022-02-14 08:47:34.183root 11241100x80000000000000001757113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e941df6a75cd3842022-02-14 08:47:34.184root 11241100x80000000000000001757114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c8ffd110ea58bc2022-02-14 08:47:34.184root 11241100x80000000000000001757115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a67ddb2bb571542022-02-14 08:47:34.184root 11241100x80000000000000001757116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241a73abfd74d9da2022-02-14 08:47:34.185root 11241100x80000000000000001757117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fd82c07b7e23772022-02-14 08:47:34.185root 11241100x80000000000000001757118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a457deafdf45841c2022-02-14 08:47:34.185root 11241100x80000000000000001757119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939708858f84199d2022-02-14 08:47:34.185root 11241100x80000000000000001757120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3070756349786ec2022-02-14 08:47:34.185root 11241100x80000000000000001757121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba460e0cfe480182022-02-14 08:47:34.185root 11241100x80000000000000001757122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.185{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbcb25efa0b6bf82022-02-14 08:47:34.185root 11241100x80000000000000001757123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3edaef6404251e82022-02-14 08:47:34.186root 11241100x80000000000000001757124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014ddc835c00e28f2022-02-14 08:47:34.186root 11241100x80000000000000001757125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90475c1c0f3772762022-02-14 08:47:34.186root 11241100x80000000000000001757126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22100db9d9348f5b2022-02-14 08:47:34.186root 11241100x80000000000000001757127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c721add2395765602022-02-14 08:47:34.186root 11241100x80000000000000001757128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b818774fe15aea42022-02-14 08:47:34.186root 11241100x80000000000000001757129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b825a48dfdcc47c2022-02-14 08:47:34.186root 11241100x80000000000000001757130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae860e98d3a03192022-02-14 08:47:34.186root 11241100x80000000000000001757131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b7b6e7f49dd2da2022-02-14 08:47:34.186root 11241100x80000000000000001757132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71068b936921a0622022-02-14 08:47:34.186root 11241100x80000000000000001757133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c573e4c5020e1142022-02-14 08:47:34.186root 11241100x80000000000000001757134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec89cbf09fabfe332022-02-14 08:47:34.186root 11241100x80000000000000001757135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac3368cd85524462022-02-14 08:47:34.186root 11241100x80000000000000001757136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad3f589289435b52022-02-14 08:47:34.186root 11241100x80000000000000001757137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.186{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3b17657d13f25a2022-02-14 08:47:34.186root 11241100x80000000000000001757138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902d66dda321dacb2022-02-14 08:47:34.187root 11241100x80000000000000001757139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7db51a823a34952022-02-14 08:47:34.187root 11241100x80000000000000001757140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97c530b173d06132022-02-14 08:47:34.187root 11241100x80000000000000001757141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe993802cc2a04092022-02-14 08:47:34.187root 11241100x80000000000000001757142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ea0643c1388afe2022-02-14 08:47:34.187root 11241100x80000000000000001757143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55ca1e7157ada052022-02-14 08:47:34.187root 11241100x80000000000000001757144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df0c5455e6f88312022-02-14 08:47:34.187root 11241100x80000000000000001757145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea6b5eabfdfc7b82022-02-14 08:47:34.187root 11241100x80000000000000001757146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0fd30c45ac27812022-02-14 08:47:34.187root 11241100x80000000000000001757147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8745001e694633552022-02-14 08:47:34.187root 11241100x80000000000000001757148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e7b0089a3c3f832022-02-14 08:47:34.187root 11241100x80000000000000001757149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa90b530e889bd472022-02-14 08:47:34.187root 11241100x80000000000000001757150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2447b6e5bd5c03c32022-02-14 08:47:34.187root 11241100x80000000000000001757151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde2ce56f5bf0f8c2022-02-14 08:47:34.187root 11241100x80000000000000001757152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38aa6901eaf1a372022-02-14 08:47:34.187root 11241100x80000000000000001757153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.187{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f994a3b74bfaeb4b2022-02-14 08:47:34.187root 11241100x80000000000000001757154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16633aba55b21ff32022-02-14 08:47:34.188root 11241100x80000000000000001757155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6549e73c16adbf52022-02-14 08:47:34.188root 11241100x80000000000000001757156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7162f666a72385352022-02-14 08:47:34.188root 11241100x80000000000000001757157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28e5ba2779001282022-02-14 08:47:34.188root 11241100x80000000000000001757158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25030dcc838922d12022-02-14 08:47:34.188root 11241100x80000000000000001757159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570ab30d86758fb82022-02-14 08:47:34.188root 11241100x80000000000000001757160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67622770609fed462022-02-14 08:47:34.188root 11241100x80000000000000001757161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9270e680a33bf3992022-02-14 08:47:34.188root 11241100x80000000000000001757162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77080ac6c02f9582022-02-14 08:47:34.188root 11241100x80000000000000001757163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd6fbf1f120ad0e2022-02-14 08:47:34.188root 11241100x80000000000000001757164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f647787cf3c77b332022-02-14 08:47:34.188root 11241100x80000000000000001757165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4a7ad67edcb9562022-02-14 08:47:34.188root 11241100x80000000000000001757166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3589ac1003ee3c3a2022-02-14 08:47:34.188root 11241100x80000000000000001757167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f2aa035308bf692022-02-14 08:47:34.188root 11241100x80000000000000001757168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.188{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f93b18699a8d012022-02-14 08:47:34.188root 11241100x80000000000000001757169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28084c043bfc95e42022-02-14 08:47:34.189root 11241100x80000000000000001757170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138bf923d8ce5b7d2022-02-14 08:47:34.189root 11241100x80000000000000001757171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414a462a55819fa52022-02-14 08:47:34.189root 11241100x80000000000000001757172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7364ea75bff927fa2022-02-14 08:47:34.189root 11241100x80000000000000001757173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc06f7a15a7187c2022-02-14 08:47:34.189root 11241100x80000000000000001757174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622afe50e9648b432022-02-14 08:47:34.189root 11241100x80000000000000001757175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f576358c7af77a872022-02-14 08:47:34.189root 11241100x80000000000000001757176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1f2ae87d9b24dc2022-02-14 08:47:34.189root 11241100x80000000000000001757177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c969887bf36a42d2022-02-14 08:47:34.189root 11241100x80000000000000001757178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7900a9242f4e47a2022-02-14 08:47:34.189root 11241100x80000000000000001757179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2281aa8028e052c72022-02-14 08:47:34.189root 11241100x80000000000000001757180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d581b2b1a2fbe62022-02-14 08:47:34.189root 11241100x80000000000000001757181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a29fd5ce78223bf2022-02-14 08:47:34.189root 11241100x80000000000000001757182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d977876c3b45cb872022-02-14 08:47:34.190root 11241100x80000000000000001757183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d54172b6bfa4b12022-02-14 08:47:34.190root 11241100x80000000000000001757184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7261965c3b5499e42022-02-14 08:47:34.190root 11241100x80000000000000001757185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc8c302efc717e92022-02-14 08:47:34.190root 11241100x80000000000000001757186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cb41856f12b1fd2022-02-14 08:47:34.190root 11241100x80000000000000001757187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5995417239c62c802022-02-14 08:47:34.190root 11241100x80000000000000001757188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca5bc38be397c212022-02-14 08:47:34.190root 11241100x80000000000000001757189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83093e4e8f82b3952022-02-14 08:47:34.191root 11241100x80000000000000001757190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b932ddb79a716f2022-02-14 08:47:34.191root 11241100x80000000000000001757191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9d06d42697f1ca2022-02-14 08:47:34.191root 11241100x80000000000000001757192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8122f769063a73602022-02-14 08:47:34.191root 11241100x80000000000000001757193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3fed904f8231ce2022-02-14 08:47:34.191root 11241100x80000000000000001757194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9635a1150e1bdc2022-02-14 08:47:34.191root 11241100x80000000000000001757195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945da2c4490dac492022-02-14 08:47:34.191root 11241100x80000000000000001757196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1878890176ba849b2022-02-14 08:47:34.191root 11241100x80000000000000001757197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.191{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1897aa9419839bcb2022-02-14 08:47:34.191root 11241100x80000000000000001757198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0718f74814e068312022-02-14 08:47:34.192root 11241100x80000000000000001757199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8443ee216eecfad92022-02-14 08:47:34.192root 11241100x80000000000000001757200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4cc4ea5ac77a5a2022-02-14 08:47:34.192root 11241100x80000000000000001757201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.192{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee933716917af9a22022-02-14 08:47:34.192root 11241100x80000000000000001757202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa055c4c79224a72022-02-14 08:47:34.193root 11241100x80000000000000001757203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d1f5c810149f432022-02-14 08:47:34.193root 11241100x80000000000000001757204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a00ec71ea259ba2022-02-14 08:47:34.193root 11241100x80000000000000001757205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af66e61168ea75482022-02-14 08:47:34.193root 11241100x80000000000000001757206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c08508fbfe129dd2022-02-14 08:47:34.193root 11241100x80000000000000001757207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349240cf3c988a612022-02-14 08:47:34.193root 11241100x80000000000000001757208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec4f129bf6509f42022-02-14 08:47:34.193root 11241100x80000000000000001757209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.193{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c306a877e2620bd2022-02-14 08:47:34.193root 11241100x80000000000000001757210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91d2cd859bbf49a2022-02-14 08:47:34.194root 11241100x80000000000000001757211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5e9533eff34ab02022-02-14 08:47:34.194root 11241100x80000000000000001757212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b520cc43bfd839bb2022-02-14 08:47:34.194root 11241100x80000000000000001757213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87f903e704a3bd12022-02-14 08:47:34.194root 11241100x80000000000000001757214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c6eb9dc634e3e92022-02-14 08:47:34.194root 11241100x80000000000000001757215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1790c5ad8eeb54302022-02-14 08:47:34.194root 11241100x80000000000000001757216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.194{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa17f427ac534fd2022-02-14 08:47:34.194root 11241100x80000000000000001757217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc46a9681ab887c2022-02-14 08:47:34.195root 11241100x80000000000000001757218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ceabc0bd6f3ae12022-02-14 08:47:34.195root 11241100x80000000000000001757219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb44b7ffac7a27d82022-02-14 08:47:34.195root 11241100x80000000000000001757220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21eb827b6005f8102022-02-14 08:47:34.195root 11241100x80000000000000001757221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0fc9f7e1a52eb02022-02-14 08:47:34.195root 11241100x80000000000000001757222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c1f9b1329dba8d2022-02-14 08:47:34.195root 11241100x80000000000000001757223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582cd495f1f6529c2022-02-14 08:47:34.195root 11241100x80000000000000001757224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.195{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a9a7eed9c0df112022-02-14 08:47:34.195root 11241100x80000000000000001757225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423adc34f4df10102022-02-14 08:47:34.196root 11241100x80000000000000001757226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57550a6d351f04c72022-02-14 08:47:34.196root 11241100x80000000000000001757227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bba4e868cca8c862022-02-14 08:47:34.196root 11241100x80000000000000001757228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfe1d56db4ab6c42022-02-14 08:47:34.196root 11241100x80000000000000001757229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948047fd541ea63b2022-02-14 08:47:34.196root 11241100x80000000000000001757230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.196{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb235255e4e5fe72022-02-14 08:47:34.196root 11241100x80000000000000001757231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96b678fe3808cbf2022-02-14 08:47:34.197root 11241100x80000000000000001757232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5d81b839c4a6052022-02-14 08:47:34.197root 11241100x80000000000000001757233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720713ed0accdbe22022-02-14 08:47:34.197root 11241100x80000000000000001757234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaac39d691fca682022-02-14 08:47:34.197root 11241100x80000000000000001757235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4d59df9c26b2b92022-02-14 08:47:34.197root 11241100x80000000000000001757236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dca7bd3f583cf5e2022-02-14 08:47:34.197root 11241100x80000000000000001757237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb797c2af3d92552022-02-14 08:47:34.197root 11241100x80000000000000001757238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.197{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f26cd9f011c67f02022-02-14 08:47:34.197root 11241100x80000000000000001757239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49232d7bfcddfa8a2022-02-14 08:47:34.198root 11241100x80000000000000001757240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81d09e6b1b09fd92022-02-14 08:47:34.198root 11241100x80000000000000001757241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fa9bc5738f53a72022-02-14 08:47:34.198root 11241100x80000000000000001757242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3235559f07073232022-02-14 08:47:34.198root 11241100x80000000000000001757243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e923b0bf14a80b652022-02-14 08:47:34.198root 11241100x80000000000000001757244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326cce03f63007022022-02-14 08:47:34.198root 11241100x80000000000000001757245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ff16aefe55783f2022-02-14 08:47:34.198root 11241100x80000000000000001757246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e0562c9dae53f42022-02-14 08:47:34.198root 11241100x80000000000000001757247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.198{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c003f35d06841cb2022-02-14 08:47:34.198root 11241100x80000000000000001757248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e56db9ff72d09c2022-02-14 08:47:34.199root 11241100x80000000000000001757249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4eb98aa56a37a22022-02-14 08:47:34.199root 11241100x80000000000000001757250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41651a595c70ef592022-02-14 08:47:34.199root 11241100x80000000000000001757251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738eeaf8ebcf2a212022-02-14 08:47:34.199root 11241100x80000000000000001757252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3530ef26acb076a42022-02-14 08:47:34.199root 11241100x80000000000000001757253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.199{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2033ab6fc1bf9c112022-02-14 08:47:34.199root 11241100x80000000000000001757254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400c0b26d3182db22022-02-14 08:47:34.200root 11241100x80000000000000001757255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605e2052abc5625f2022-02-14 08:47:34.200root 11241100x80000000000000001757256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d875385f4405532022-02-14 08:47:34.200root 11241100x80000000000000001757257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a7f4826cf7a70a2022-02-14 08:47:34.200root 11241100x80000000000000001757258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299608b5ddf5d4e72022-02-14 08:47:34.200root 11241100x80000000000000001757259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4929491165d38a992022-02-14 08:47:34.200root 11241100x80000000000000001757260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9420b6f5264a672022-02-14 08:47:34.200root 11241100x80000000000000001757261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.200{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5755e0678e6da43b2022-02-14 08:47:34.200root 11241100x80000000000000001757262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43e75c6d0be7f082022-02-14 08:47:34.201root 11241100x80000000000000001757263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1876ac6a4338cafe2022-02-14 08:47:34.201root 11241100x80000000000000001757264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bb7e42cd2f4e292022-02-14 08:47:34.201root 11241100x80000000000000001757265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90b57f8bf53ed4a2022-02-14 08:47:34.201root 11241100x80000000000000001757266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a627a600326d6a712022-02-14 08:47:34.201root 11241100x80000000000000001757267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f8ebba84050bd92022-02-14 08:47:34.201root 11241100x80000000000000001757268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc4294be1dc47172022-02-14 08:47:34.201root 11241100x80000000000000001757269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.201{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64eaeacf593f37c22022-02-14 08:47:34.201root 11241100x80000000000000001757270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.202{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af831dbd553948f2022-02-14 08:47:34.202root 11241100x80000000000000001757271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fe5159310abe1f2022-02-14 08:47:34.203root 11241100x80000000000000001757272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830832d604961b012022-02-14 08:47:34.203root 11241100x80000000000000001757273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51900b6a85167b582022-02-14 08:47:34.203root 11241100x80000000000000001757274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b148f0a8327322d42022-02-14 08:47:34.203root 11241100x80000000000000001757275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b7fe8b4796342b2022-02-14 08:47:34.203root 11241100x80000000000000001757276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c871378f7e971f4f2022-02-14 08:47:34.203root 11241100x80000000000000001757277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a909308829da262022-02-14 08:47:34.203root 11241100x80000000000000001757278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb32418d13f2355f2022-02-14 08:47:34.203root 11241100x80000000000000001757279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c22279804704d1b2022-02-14 08:47:34.203root 11241100x80000000000000001757280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32f07b9e158f18c2022-02-14 08:47:34.203root 11241100x80000000000000001757281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc260c4907edc1f2022-02-14 08:47:34.203root 11241100x80000000000000001757282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.203{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b874c06a9825ffbb2022-02-14 08:47:34.203root 11241100x80000000000000001757283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060bb4f2982e7f942022-02-14 08:47:34.204root 11241100x80000000000000001757284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0777dfc8ecb74c692022-02-14 08:47:34.204root 11241100x80000000000000001757285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08df1c634d3f4ced2022-02-14 08:47:34.204root 11241100x80000000000000001757286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.204{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8949ad58b5b5be602022-02-14 08:47:34.204root 11241100x80000000000000001757287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d804fb4d7bcf582022-02-14 08:47:34.205root 11241100x80000000000000001757288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088dea8b7db9fd872022-02-14 08:47:34.205root 11241100x80000000000000001757289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1f01ead6d0b8822022-02-14 08:47:34.205root 11241100x80000000000000001757290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d67bcb578651c832022-02-14 08:47:34.205root 11241100x80000000000000001757291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b678e18215d0162022-02-14 08:47:34.205root 11241100x80000000000000001757292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bd3c850a120c852022-02-14 08:47:34.205root 11241100x80000000000000001757293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6c2d82342e17262022-02-14 08:47:34.205root 11241100x80000000000000001757294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5696132c4b78540e2022-02-14 08:47:34.205root 11241100x80000000000000001757295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164ae99386082bd42022-02-14 08:47:34.205root 11241100x80000000000000001757296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d101d3b92d7b38d72022-02-14 08:47:34.205root 11241100x80000000000000001757297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160a33c72a1f4f702022-02-14 08:47:34.205root 11241100x80000000000000001757298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e956951fd320b19b2022-02-14 08:47:34.205root 11241100x80000000000000001757299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7d919aed89821d2022-02-14 08:47:34.205root 11241100x80000000000000001757300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1203c17613202b2022-02-14 08:47:34.205root 11241100x80000000000000001757301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef567ca1fa2b24d2022-02-14 08:47:34.205root 11241100x80000000000000001757302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.205{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c5628da82e09f02022-02-14 08:47:34.205root 11241100x80000000000000001757303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045b096d70c6001a2022-02-14 08:47:34.206root 11241100x80000000000000001757304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ea578acc949ebf2022-02-14 08:47:34.206root 11241100x80000000000000001757305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819657579d7442882022-02-14 08:47:34.206root 11241100x80000000000000001757306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77ad4a3b42330be2022-02-14 08:47:34.206root 11241100x80000000000000001757307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75465e788d10ef452022-02-14 08:47:34.206root 11241100x80000000000000001757308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd099116400f7692022-02-14 08:47:34.206root 11241100x80000000000000001757309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8674ce61d7509dbd2022-02-14 08:47:34.206root 11241100x80000000000000001757310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f5771d86d91ed02022-02-14 08:47:34.206root 11241100x80000000000000001757311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4047804834c96c72022-02-14 08:47:34.206root 11241100x80000000000000001757312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27972377fbff1ae92022-02-14 08:47:34.206root 11241100x80000000000000001757313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a402dffefd0f842022-02-14 08:47:34.206root 11241100x80000000000000001757314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6ef51f49b001c52022-02-14 08:47:34.206root 11241100x80000000000000001757315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6265127169fa9542022-02-14 08:47:34.206root 11241100x80000000000000001757316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.206{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcd412c1d51e0b52022-02-14 08:47:34.206root 11241100x80000000000000001757317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1385fff5fd4b7e742022-02-14 08:47:34.208root 11241100x80000000000000001757318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.208{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c13aa831d26e4072022-02-14 08:47:34.208root 11241100x80000000000000001757319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9a8ec1c91f16b92022-02-14 08:47:34.209root 11241100x80000000000000001757320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407cfc006b655fa22022-02-14 08:47:34.209root 11241100x80000000000000001757321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41e0fa78a16e9162022-02-14 08:47:34.209root 11241100x80000000000000001757322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f257f0a65dc5d952022-02-14 08:47:34.209root 11241100x80000000000000001757323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d9a3a5562e1b122022-02-14 08:47:34.209root 11241100x80000000000000001757324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e00def565839c62022-02-14 08:47:34.209root 11241100x80000000000000001757325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ea3595929c12d62022-02-14 08:47:34.209root 11241100x80000000000000001757326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.209{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c88ecc193754fe2022-02-14 08:47:34.209root 11241100x80000000000000001757327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3a15447bf823bf2022-02-14 08:47:34.210root 11241100x80000000000000001757328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cf2346cf5fb8d92022-02-14 08:47:34.210root 11241100x80000000000000001757329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.210{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf94dd16713601b2022-02-14 08:47:34.210root 11241100x80000000000000001757330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c5ff3102bd23222022-02-14 08:47:34.211root 11241100x80000000000000001757331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76b90eed2a8e35b2022-02-14 08:47:34.211root 11241100x80000000000000001757332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919d56b4aea25a262022-02-14 08:47:34.211root 11241100x80000000000000001757333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e06159e493699d2022-02-14 08:47:34.211root 11241100x80000000000000001757334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.211{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2993e027a267cfbb2022-02-14 08:47:34.211root 11241100x80000000000000001757335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ece4d43941d0f72022-02-14 08:47:34.212root 11241100x80000000000000001757336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f024190f2935362022-02-14 08:47:34.212root 11241100x80000000000000001757337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4689ebd4ca5573412022-02-14 08:47:34.212root 11241100x80000000000000001757338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235b1ed47e0f2c582022-02-14 08:47:34.212root 11241100x80000000000000001757339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dc1a009c8f095e2022-02-14 08:47:34.212root 11241100x80000000000000001757340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51a58062fd926bc2022-02-14 08:47:34.212root 11241100x80000000000000001757341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdcb61075fa97052022-02-14 08:47:34.212root 11241100x80000000000000001757342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8c2a848dbbff632022-02-14 08:47:34.213root 11241100x80000000000000001757343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6d51f6826ed1752022-02-14 08:47:34.213root 11241100x80000000000000001757344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03c9cf330e02fed2022-02-14 08:47:34.213root 11241100x80000000000000001757345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2494c0654f334daf2022-02-14 08:47:34.213root 11241100x80000000000000001757346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2583dd00d65cedb92022-02-14 08:47:34.213root 11241100x80000000000000001757347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bef55ede3cc654b2022-02-14 08:47:34.213root 11241100x80000000000000001757348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3102f4a7291bd9b2022-02-14 08:47:34.213root 11241100x80000000000000001757349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9348a52f3841f6b2022-02-14 08:47:34.213root 11241100x80000000000000001757350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27afc8f9d7d71bd2022-02-14 08:47:34.213root 11241100x80000000000000001757351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0101ca907cdbd22022-02-14 08:47:34.214root 11241100x80000000000000001757352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fda1f6d7f6f9342022-02-14 08:47:34.214root 11241100x80000000000000001757353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eca7d942376da742022-02-14 08:47:34.214root 11241100x80000000000000001757354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdc6db10c5f744c2022-02-14 08:47:34.214root 11241100x80000000000000001757355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118a3bed47f978dd2022-02-14 08:47:34.214root 11241100x80000000000000001757356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1930b4a70fa0c95c2022-02-14 08:47:34.214root 11241100x80000000000000001757357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b8d97a5363bea52022-02-14 08:47:34.215root 11241100x80000000000000001757358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7bb7170fb2712922022-02-14 08:47:34.215root 11241100x80000000000000001757359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0788448fa855f0e22022-02-14 08:47:34.215root 11241100x80000000000000001757360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642ae8d3df06bcad2022-02-14 08:47:34.215root 11241100x80000000000000001757361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee9d2ef3d02a92d2022-02-14 08:47:34.215root 11241100x80000000000000001757362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b98caed701a565b2022-02-14 08:47:34.215root 11241100x80000000000000001757363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e639ec29f34dea2022-02-14 08:47:34.215root 11241100x80000000000000001757364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b18d0dd113b37d2022-02-14 08:47:34.215root 11241100x80000000000000001757365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179cc7dee9a073812022-02-14 08:47:34.215root 11241100x80000000000000001757366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8547a46c2f74372022-02-14 08:47:34.215root 11241100x80000000000000001757367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f421621f6936702022-02-14 08:47:34.216root 11241100x80000000000000001757368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a084a3738c7d4de2022-02-14 08:47:34.216root 11241100x80000000000000001757369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ea4c470ef7d08a2022-02-14 08:47:34.216root 11241100x80000000000000001757370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf6ef3f0d96016d2022-02-14 08:47:34.216root 11241100x80000000000000001757371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179e4dd71498c5342022-02-14 08:47:34.216root 11241100x80000000000000001757372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0428e344bd7938f92022-02-14 08:47:34.216root 11241100x80000000000000001757373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.216{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e93cfc3af12f0a2022-02-14 08:47:34.216root 11241100x80000000000000001757374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.217{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b923054b3a033b2022-02-14 08:47:34.217root 11241100x80000000000000001757375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.217{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a909d4dc0d6fa92022-02-14 08:47:34.217root 11241100x80000000000000001757376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.217{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3748ac18051cd22022-02-14 08:47:34.217root 11241100x80000000000000001757377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.217{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c9c8da7b6fa3a52022-02-14 08:47:34.217root 11241100x80000000000000001757378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.217{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d394af307b2d7ef02022-02-14 08:47:34.217root 11241100x80000000000000001757379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.217{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f8a6691c6c97302022-02-14 08:47:34.217root 11241100x80000000000000001757380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.218{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0d9e020bdf4ebf2022-02-14 08:47:34.218root 11241100x80000000000000001757381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.218{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1a5a3ccfaffcf92022-02-14 08:47:34.218root 11241100x80000000000000001757382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.218{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6292a0bb814e19b92022-02-14 08:47:34.218root 11241100x80000000000000001757383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.218{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499e4730769ce10b2022-02-14 08:47:34.218root 11241100x80000000000000001757384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.218{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260bd3eb71f76db52022-02-14 08:47:34.218root 11241100x80000000000000001757385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.220{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4996bd62953593562022-02-14 08:47:34.220root 11241100x80000000000000001757386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.220{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a6ad3ff107cf2d2022-02-14 08:47:34.220root 11241100x80000000000000001757387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.220{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6634a1fbd6e106c52022-02-14 08:47:34.220root 11241100x80000000000000001757388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.221{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecbc5b7d51baf9f2022-02-14 08:47:34.221root 11241100x80000000000000001757389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.221{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700253177c223bb52022-02-14 08:47:34.221root 11241100x80000000000000001757390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.221{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bfed32ffc06aba2022-02-14 08:47:34.221root 11241100x80000000000000001757391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.221{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e6bbc351f330952022-02-14 08:47:34.221root 11241100x80000000000000001757392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.221{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03523e47349fe6502022-02-14 08:47:34.221root 11241100x80000000000000001757393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.221{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c171d4dc1ccb083a2022-02-14 08:47:34.221root 11241100x80000000000000001757394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.221{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c393a1ecc50a70d82022-02-14 08:47:34.221root 11241100x80000000000000001757395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.221{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d5b9bb8ac963af2022-02-14 08:47:34.221root 11241100x80000000000000001757396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.221{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e15c03a3836ee42022-02-14 08:47:34.221root 11241100x80000000000000001757397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.221{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73c4946c3be62c52022-02-14 08:47:34.221root 11241100x80000000000000001757398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.221{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51360507acfc87412022-02-14 08:47:34.221root 11241100x80000000000000001757399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.221{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7c5d1749f589812022-02-14 08:47:34.221root 11241100x80000000000000001757400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.221{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d0521e812e73372022-02-14 08:47:34.221root 11241100x80000000000000001757401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.221{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e3f38333cf823e2022-02-14 08:47:34.221root 11241100x80000000000000001757402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.221{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f28740b1f0b3052022-02-14 08:47:34.221root 11241100x80000000000000001757403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.221{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bab554cb00f0ce2022-02-14 08:47:34.221root 11241100x80000000000000001757404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b965aed20b2f13c2022-02-14 08:47:34.222root 11241100x80000000000000001757405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a742f6918102952022-02-14 08:47:34.222root 11241100x80000000000000001757406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a8b387a33424902022-02-14 08:47:34.222root 11241100x80000000000000001757407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cbe27c8cb1a0a72022-02-14 08:47:34.222root 11241100x80000000000000001757408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1325666368630d442022-02-14 08:47:34.222root 11241100x80000000000000001757409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527f9427a9cb77782022-02-14 08:47:34.222root 11241100x80000000000000001757410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596ce82d8ef62bbe2022-02-14 08:47:34.222root 11241100x80000000000000001757411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d74b628034372e2022-02-14 08:47:34.222root 11241100x80000000000000001757412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d3fca5b2f751192022-02-14 08:47:34.222root 11241100x80000000000000001757413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880f96dfdf1eaaa82022-02-14 08:47:34.222root 11241100x80000000000000001757414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef34c1d10a9e54dd2022-02-14 08:47:34.222root 11241100x80000000000000001757415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033ec4dbd686af052022-02-14 08:47:34.222root 11241100x80000000000000001757416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26686815b7f26392022-02-14 08:47:34.222root 11241100x80000000000000001757417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02fc34de64889752022-02-14 08:47:34.222root 11241100x80000000000000001757418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e613108ac70781602022-02-14 08:47:34.222root 11241100x80000000000000001757419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.222{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396cac9644da80072022-02-14 08:47:34.222root 11241100x80000000000000001757420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.223{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586c201b0ecdfdfd2022-02-14 08:47:34.223root 11241100x80000000000000001757421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.223{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cf021c4b76b3362022-02-14 08:47:34.223root 11241100x80000000000000001757422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.223{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db42cde5688195902022-02-14 08:47:34.223root 11241100x80000000000000001757423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.223{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8346b8bd967793622022-02-14 08:47:34.223root 11241100x80000000000000001757424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.224{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78305acf5ed8bcf2022-02-14 08:47:34.224root 11241100x80000000000000001757425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.224{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491041a7869fb59a2022-02-14 08:47:34.224root 11241100x80000000000000001757426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.224{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dab567d585877dd2022-02-14 08:47:34.224root 11241100x80000000000000001757427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.224{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6333bfa8480a0cc62022-02-14 08:47:34.224root 11241100x80000000000000001757428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.224{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082d3c8d2fee9e302022-02-14 08:47:34.224root 11241100x80000000000000001757429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.224{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943d01d9dd9bb78a2022-02-14 08:47:34.224root 11241100x80000000000000001757430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.224{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777ce2b446d224f62022-02-14 08:47:34.224root 11241100x80000000000000001757431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.224{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92c17716e6b909a2022-02-14 08:47:34.224root 11241100x80000000000000001757432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.224{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6782faff5fea51ec2022-02-14 08:47:34.224root 11241100x80000000000000001757433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.224{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b334c7bcc69b2b2022-02-14 08:47:34.224root 11241100x80000000000000001757434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.224{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be52c3b78102385b2022-02-14 08:47:34.224root 11241100x80000000000000001757435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.224{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15211691e956898e2022-02-14 08:47:34.224root 11241100x80000000000000001757436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.225{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fac818c0d8b49a2022-02-14 08:47:34.225root 11241100x80000000000000001757437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.225{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aadded98a4c4372022-02-14 08:47:34.225root 11241100x80000000000000001757438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.225{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b91955715451fcc2022-02-14 08:47:34.225root 11241100x80000000000000001757439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.225{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4f4eb05dd9d10f2022-02-14 08:47:34.225root 11241100x80000000000000001757440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.225{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7963765f76184b02022-02-14 08:47:34.225root 11241100x80000000000000001757441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.225{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d576db2f3d4de0ef2022-02-14 08:47:34.225root 11241100x80000000000000001757442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.225{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf9b99336f9d2dd2022-02-14 08:47:34.225root 11241100x80000000000000001757443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.225{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eeb5611417c226f2022-02-14 08:47:34.225root 11241100x80000000000000001757444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.225{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899956bf3addb3782022-02-14 08:47:34.225root 11241100x80000000000000001757445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.225{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c3d48fdd34ef032022-02-14 08:47:34.225root 11241100x80000000000000001757446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.225{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec41d5d326cc3e862022-02-14 08:47:34.225root 11241100x80000000000000001757447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.225{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3469bf15321ab1702022-02-14 08:47:34.225root 11241100x80000000000000001757448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.225{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087e5bf8f85327fa2022-02-14 08:47:34.225root 11241100x80000000000000001757449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.225{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b945b6dc509616732022-02-14 08:47:34.225root 11241100x80000000000000001757450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.225{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d9a1ae7a0e23c22022-02-14 08:47:34.225root 11241100x80000000000000001757451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.225{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa40d33e1fcae232022-02-14 08:47:34.225root 11241100x80000000000000001757452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.226{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8607cc4d275b5ae82022-02-14 08:47:34.226root 11241100x80000000000000001757453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.226{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a213401951d2ea552022-02-14 08:47:34.226root 11241100x80000000000000001757454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.226{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e65ac914197bbdc2022-02-14 08:47:34.226root 11241100x80000000000000001757455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.226{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c911f6d19d6e66302022-02-14 08:47:34.226root 11241100x80000000000000001757456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.226{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56e27cf8655852f2022-02-14 08:47:34.226root 11241100x80000000000000001757457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.226{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5881c9e91e1a4cc12022-02-14 08:47:34.226root 11241100x80000000000000001757458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.227{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53e75cdb708165b2022-02-14 08:47:34.227root 11241100x80000000000000001757459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.227{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f86a06444dc25a2022-02-14 08:47:34.227root 11241100x80000000000000001757460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.227{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a772e87e0eb5582022-02-14 08:47:34.227root 11241100x80000000000000001757461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.227{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5831d8dc68379dfe2022-02-14 08:47:34.227root 11241100x80000000000000001757462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.227{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8804599a5073a95b2022-02-14 08:47:34.227root 11241100x80000000000000001757463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.227{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586aae41d59053872022-02-14 08:47:34.227root 11241100x80000000000000001757464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.227{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98754aea6261fcd32022-02-14 08:47:34.227root 11241100x80000000000000001757465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.227{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2288b84fa0583eac2022-02-14 08:47:34.227root 11241100x80000000000000001757466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.227{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c8e3c26e33f37b2022-02-14 08:47:34.227root 11241100x80000000000000001757467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.227{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf18dd259744d862022-02-14 08:47:34.227root 11241100x80000000000000001757468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.227{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada0ee2ca8f9595e2022-02-14 08:47:34.227root 11241100x80000000000000001757469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.227{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0a76212e1d57b82022-02-14 08:47:34.227root 11241100x80000000000000001757470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.230{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dccdbed25df3342022-02-14 08:47:34.230root 11241100x80000000000000001757471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.230{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d0d79eadde34fb2022-02-14 08:47:34.230root 11241100x80000000000000001757472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.230{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567a80f0841a4c532022-02-14 08:47:34.230root 11241100x80000000000000001757473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.230{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b1afb45b5fc6c52022-02-14 08:47:34.230root 11241100x80000000000000001757474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.230{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79dcad6c427db3682022-02-14 08:47:34.230root 11241100x80000000000000001757475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.231{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d78858c12ccf7a42022-02-14 08:47:34.231root 11241100x80000000000000001757476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.231{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3052139cddbaaea32022-02-14 08:47:34.231root 11241100x80000000000000001757477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.231{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c507ddcf6b6b352022-02-14 08:47:34.231root 11241100x80000000000000001757478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.231{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de80c7d7676188862022-02-14 08:47:34.231root 11241100x80000000000000001757479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.231{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2998d3b0dabbf9712022-02-14 08:47:34.231root 11241100x80000000000000001757480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.231{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4138f9e34c4c752022-02-14 08:47:34.231root 11241100x80000000000000001757481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.231{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f52780d30712c02022-02-14 08:47:34.231root 11241100x80000000000000001757482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.232{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc247c3a648f64f32022-02-14 08:47:34.232root 11241100x80000000000000001757483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.232{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f2c3017e4e47762022-02-14 08:47:34.232root 11241100x80000000000000001757484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.232{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0946806600a4a92022-02-14 08:47:34.232root 11241100x80000000000000001757485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.232{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d1af34910c13e72022-02-14 08:47:34.232root 11241100x80000000000000001757486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.232{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bda85ab3721d3d2022-02-14 08:47:34.232root 11241100x80000000000000001757487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.232{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6553ce4f1969de22022-02-14 08:47:34.232root 11241100x80000000000000001757488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.232{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b9f6a1d46448ae2022-02-14 08:47:34.232root 11241100x80000000000000001757489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.232{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183a3c7dc9fb77c52022-02-14 08:47:34.232root 11241100x80000000000000001757490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.232{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce29e5493d11a692022-02-14 08:47:34.232root 11241100x80000000000000001757491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.232{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55088aa9be4414ef2022-02-14 08:47:34.232root 11241100x80000000000000001757492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.232{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406dc9fe1e563fd52022-02-14 08:47:34.232root 11241100x80000000000000001757493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.232{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a000dfc910cfb82022-02-14 08:47:34.232root 11241100x80000000000000001757494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.233{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12601668b3f5da22022-02-14 08:47:34.233root 11241100x80000000000000001757495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.233{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c931a35205629a2022-02-14 08:47:34.233root 11241100x80000000000000001757496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.233{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdbc913003bacb02022-02-14 08:47:34.233root 11241100x80000000000000001757497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.233{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5c701fee1f04722022-02-14 08:47:34.233root 11241100x80000000000000001757498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.233{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab51ca79959851b32022-02-14 08:47:34.233root 11241100x80000000000000001757499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8ec54ef7fa04232022-02-14 08:47:34.680root 11241100x80000000000000001757500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9aaf737f10297ab2022-02-14 08:47:34.680root 11241100x80000000000000001757501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c91160dad1029e2022-02-14 08:47:34.680root 11241100x80000000000000001757502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61312df572e2d2b72022-02-14 08:47:34.680root 11241100x80000000000000001757503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4ea3d2b1eab0d92022-02-14 08:47:34.680root 11241100x80000000000000001757504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6816b160558faf2022-02-14 08:47:34.680root 11241100x80000000000000001757505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc82b9819adcd6322022-02-14 08:47:34.680root 11241100x80000000000000001757506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7519d4047877db722022-02-14 08:47:34.680root 11241100x80000000000000001757507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbd4aa77e8022792022-02-14 08:47:34.681root 11241100x80000000000000001757508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a135115fee024e82022-02-14 08:47:34.681root 11241100x80000000000000001757509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c1b60fed61ab732022-02-14 08:47:34.681root 11241100x80000000000000001757510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04289cd2c626b98b2022-02-14 08:47:34.681root 11241100x80000000000000001757511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eeb8a682d6da1542022-02-14 08:47:34.681root 11241100x80000000000000001757512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbec5be0f775f75e2022-02-14 08:47:34.681root 11241100x80000000000000001757513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72502bdfefa7d7762022-02-14 08:47:34.681root 11241100x80000000000000001757514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de83c8a923726782022-02-14 08:47:34.681root 11241100x80000000000000001757515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e4a707450a10b02022-02-14 08:47:34.682root 11241100x80000000000000001757516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34952ed4c226f122022-02-14 08:47:34.682root 11241100x80000000000000001757517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3f1e7457273f9e2022-02-14 08:47:34.682root 11241100x80000000000000001757518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03e95b30d4071eb2022-02-14 08:47:34.682root 11241100x80000000000000001757519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cfdd4ecf92d3af2022-02-14 08:47:34.682root 11241100x80000000000000001757520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9b2a37fb1ad5972022-02-14 08:47:34.682root 11241100x80000000000000001757521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de29d09ad77078692022-02-14 08:47:34.682root 11241100x80000000000000001757522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d1a8cc736e68902022-02-14 08:47:34.682root 11241100x80000000000000001757523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8f62144a5eaf9a2022-02-14 08:47:34.682root 11241100x80000000000000001757524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c8207bf9c4e9132022-02-14 08:47:34.682root 11241100x80000000000000001757525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2983d873d6a4ce5e2022-02-14 08:47:34.682root 11241100x80000000000000001757526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ba6814a452946e2022-02-14 08:47:34.682root 11241100x80000000000000001757527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d977cbd86626cf2022-02-14 08:47:34.682root 11241100x80000000000000001757528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b488afb6bbaca22022-02-14 08:47:34.682root 11241100x80000000000000001757529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4007314b8a35b8842022-02-14 08:47:34.682root 11241100x80000000000000001757530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5083e9684890d482022-02-14 08:47:34.682root 11241100x80000000000000001757531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94760009f06954c2022-02-14 08:47:34.683root 11241100x80000000000000001757532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016fb770e788a28c2022-02-14 08:47:34.683root 11241100x80000000000000001757533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1cc64ee36b08522022-02-14 08:47:34.683root 11241100x80000000000000001757534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f280a80787cb0f2022-02-14 08:47:34.683root 11241100x80000000000000001757535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5e690c440c855b2022-02-14 08:47:34.683root 11241100x80000000000000001757536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09fcf5e81f9e2222022-02-14 08:47:34.683root 11241100x80000000000000001757537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e2f198338035392022-02-14 08:47:34.683root 11241100x80000000000000001757538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25d7092a0fba6632022-02-14 08:47:34.683root 11241100x80000000000000001757539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffe0ece2815d70c2022-02-14 08:47:34.683root 11241100x80000000000000001757540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02214b3a66e249cf2022-02-14 08:47:34.683root 11241100x80000000000000001757541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1eab5139d89384b2022-02-14 08:47:34.683root 11241100x80000000000000001757542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1db9c34698b05f2022-02-14 08:47:34.683root 11241100x80000000000000001757543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff88f53fdd8442f2022-02-14 08:47:34.683root 11241100x80000000000000001757544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296e79a692e57e002022-02-14 08:47:34.683root 11241100x80000000000000001757545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8adb0dd8416ced2022-02-14 08:47:34.683root 11241100x80000000000000001757546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7163c2d60e0970fa2022-02-14 08:47:34.684root 11241100x80000000000000001757547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed4f112ac8f06982022-02-14 08:47:34.684root 11241100x80000000000000001757548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297f05dc318ab0412022-02-14 08:47:34.684root 11241100x80000000000000001757549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc3a5bc3d663cbc2022-02-14 08:47:34.684root 11241100x80000000000000001757550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fe4fc37f6fbc6a2022-02-14 08:47:34.684root 11241100x80000000000000001757551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d54d60a03ce0a982022-02-14 08:47:34.684root 11241100x80000000000000001757552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9cca6de88fc7102022-02-14 08:47:34.684root 11241100x80000000000000001757553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac20521bc19255142022-02-14 08:47:34.684root 11241100x80000000000000001757554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.684{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90810690375e26262022-02-14 08:47:34.684root 11241100x80000000000000001757555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcf5a718f289cd52022-02-14 08:47:34.686root 11241100x80000000000000001757556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80499fdf0fe903f12022-02-14 08:47:34.686root 11241100x80000000000000001757557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49f1315db24b9e92022-02-14 08:47:34.686root 11241100x80000000000000001757558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e656f9ee0fd960d82022-02-14 08:47:34.686root 11241100x80000000000000001757559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e10bf2fdd245ef2022-02-14 08:47:34.686root 11241100x80000000000000001757560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1493b9c0fe832c32022-02-14 08:47:34.686root 11241100x80000000000000001757561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82223eabb4e20ee62022-02-14 08:47:34.686root 11241100x80000000000000001757562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.686{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e451aeaae9dfa10c2022-02-14 08:47:34.686root 11241100x80000000000000001757563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4f88452fa57e222022-02-14 08:47:34.687root 11241100x80000000000000001757564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21a90417726e52e2022-02-14 08:47:34.687root 11241100x80000000000000001757565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a0b35abe785f962022-02-14 08:47:34.687root 11241100x80000000000000001757566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c98d23a00cdc882022-02-14 08:47:34.687root 11241100x80000000000000001757567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49404612a94ce9fc2022-02-14 08:47:34.687root 11241100x80000000000000001757568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b72be268f644e62022-02-14 08:47:34.687root 11241100x80000000000000001757569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5c40cba87c7ad62022-02-14 08:47:34.687root 11241100x80000000000000001757570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4c06f05ebabd222022-02-14 08:47:34.687root 11241100x80000000000000001757571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cac07783854723a2022-02-14 08:47:34.687root 11241100x80000000000000001757572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d698ac861a58aea2022-02-14 08:47:34.687root 11241100x80000000000000001757573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94868889c0de2e042022-02-14 08:47:34.687root 11241100x80000000000000001757574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a107ba3c8fedfc402022-02-14 08:47:34.687root 11241100x80000000000000001757575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22dcae71bfed91752022-02-14 08:47:34.687root 11241100x80000000000000001757576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8640d08a31fbee502022-02-14 08:47:34.687root 11241100x80000000000000001757577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3f6bce2855c9f22022-02-14 08:47:34.687root 11241100x80000000000000001757578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.687{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ac7816794cba1a2022-02-14 08:47:34.687root 11241100x80000000000000001757579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e794f3f112a818492022-02-14 08:47:34.688root 11241100x80000000000000001757580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57ac4fea6b642132022-02-14 08:47:34.688root 11241100x80000000000000001757581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8813caad215eaa2022-02-14 08:47:34.688root 11241100x80000000000000001757582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b427355e52cee7912022-02-14 08:47:34.688root 11241100x80000000000000001757583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9600df2f6795202022-02-14 08:47:34.688root 11241100x80000000000000001757584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fb173e2c21d6262022-02-14 08:47:34.688root 11241100x80000000000000001757585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2aa49a6754c9c3f2022-02-14 08:47:34.688root 11241100x80000000000000001757586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.688{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07751a571c0199212022-02-14 08:47:34.688root 11241100x80000000000000001757587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb1f7ce2583f6f72022-02-14 08:47:34.690root 11241100x80000000000000001757588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360c1c781857f70d2022-02-14 08:47:34.690root 11241100x80000000000000001757589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46db1d4e94e29c7c2022-02-14 08:47:34.690root 11241100x80000000000000001757590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc637d30e7dc42f22022-02-14 08:47:34.690root 11241100x80000000000000001757591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c3fe325d5dd6f22022-02-14 08:47:34.690root 11241100x80000000000000001757592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a74b754990946e52022-02-14 08:47:34.690root 11241100x80000000000000001757593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18bb7e51e77df242022-02-14 08:47:34.690root 11241100x80000000000000001757594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.690{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a97a6d72888e63d2022-02-14 08:47:34.690root 11241100x80000000000000001757595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40453c7fe58078252022-02-14 08:47:34.691root 11241100x80000000000000001757596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8d08e584e040b92022-02-14 08:47:34.691root 11241100x80000000000000001757597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2148f16612760a322022-02-14 08:47:34.691root 11241100x80000000000000001757598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9d4335611f09972022-02-14 08:47:34.691root 11241100x80000000000000001757599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.691{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74ee3ceaca5f7152022-02-14 08:47:34.691root 11241100x80000000000000001757600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37808aa6a54a12632022-02-14 08:47:34.692root 11241100x80000000000000001757601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6eb6f8880e3b3f2022-02-14 08:47:34.692root 11241100x80000000000000001757602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3934d17c6727ac22022-02-14 08:47:34.692root 11241100x80000000000000001757603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda769e50ea1f9b32022-02-14 08:47:34.692root 11241100x80000000000000001757604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88fbe9285bf890f2022-02-14 08:47:34.692root 11241100x80000000000000001757605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04674e3084f096752022-02-14 08:47:34.692root 11241100x80000000000000001757606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f07dc2776c3b4152022-02-14 08:47:34.692root 11241100x80000000000000001757607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae5915d4e18ca102022-02-14 08:47:34.692root 11241100x80000000000000001757608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e11d2318ad1e202022-02-14 08:47:34.692root 11241100x80000000000000001757609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfa057fe4d76d942022-02-14 08:47:34.692root 11241100x80000000000000001757610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7568710715bb422022-02-14 08:47:34.692root 11241100x80000000000000001757611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f1d0ac394430842022-02-14 08:47:34.692root 11241100x80000000000000001757612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32aeaecd32d0a0ca2022-02-14 08:47:34.692root 11241100x80000000000000001757613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.692{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0f15052dad79b02022-02-14 08:47:34.692root 11241100x80000000000000001757614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4deda27f98cde4152022-02-14 08:47:34.693root 11241100x80000000000000001757615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9ab8b2432269c62022-02-14 08:47:34.693root 11241100x80000000000000001757616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5195194dc824f62022-02-14 08:47:34.693root 11241100x80000000000000001757617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb43484cdd9971e2022-02-14 08:47:34.693root 11241100x80000000000000001757618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c61ca190370b662022-02-14 08:47:34.693root 11241100x80000000000000001757619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f501ab0b81348cc52022-02-14 08:47:34.693root 11241100x80000000000000001757620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5523a07f3f4b1232022-02-14 08:47:34.693root 11241100x80000000000000001757621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f62ca2686fc80372022-02-14 08:47:34.693root 11241100x80000000000000001757622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92befcd50f411012022-02-14 08:47:34.693root 11241100x80000000000000001757623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5adb202f641fa322022-02-14 08:47:34.693root 11241100x80000000000000001757624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d97b343258c2dc22022-02-14 08:47:34.693root 11241100x80000000000000001757625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b5eee4ac081ff72022-02-14 08:47:34.693root 11241100x80000000000000001757626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:34.693{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b076c75160d45292022-02-14 08:47:34.693root 354300x80000000000000001757751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:51.062{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51570-false10.0.1.12-8000- 11241100x80000000000000001757752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:51.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59f68915513cf302022-02-14 08:47:51.429root 11241100x80000000000000001757753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:51.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b109370e3ed20362022-02-14 08:47:51.929root 11241100x80000000000000001757754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:52.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26314ce4d531ca042022-02-14 08:47:52.429root 11241100x80000000000000001757755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:52.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6534bd2a3584ff7c2022-02-14 08:47:52.929root 11241100x80000000000000001757756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:53.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90684e2759f80ce32022-02-14 08:47:53.429root 11241100x80000000000000001757757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:53.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86c3e3d30a1bb802022-02-14 08:47:53.929root 11241100x80000000000000001757758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:54.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291e94ae321af10c2022-02-14 08:47:54.429root 11241100x80000000000000001757759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:54.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50f918cbbbf82862022-02-14 08:47:54.929root 11241100x80000000000000001757760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:55.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e711dda9c6d1102022-02-14 08:47:55.429root 11241100x80000000000000001757761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:55.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dde531cef2036662022-02-14 08:47:55.929root 354300x80000000000000001757762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:56.183{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51572-false10.0.1.12-8000- 11241100x80000000000000001757763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:56.184{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748b4f63e248a4ef2022-02-14 08:47:56.184root 11241100x80000000000000001757764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:56.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fbdbabcb3486592022-02-14 08:47:56.679root 11241100x80000000000000001757765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:56.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed608247cc9c30162022-02-14 08:47:56.680root 11241100x80000000000000001757766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:57.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae60ed04e893ebd2022-02-14 08:47:57.179root 11241100x80000000000000001757767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:57.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3930ac455b439f1e2022-02-14 08:47:57.180root 11241100x80000000000000001757768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:57.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf77e792b4fcf7212022-02-14 08:47:57.679root 11241100x80000000000000001757769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:57.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dde76124ea42f2e2022-02-14 08:47:57.680root 11241100x80000000000000001757770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:58.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d36cfa3c1cb2992022-02-14 08:47:58.179root 11241100x80000000000000001757771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:58.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be70039059d1551d2022-02-14 08:47:58.180root 11241100x80000000000000001757772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:58.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e730602521de39b2022-02-14 08:47:58.679root 11241100x80000000000000001757773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:58.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b82d43b2511ebe2022-02-14 08:47:58.680root 11241100x80000000000000001757774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:59.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338a1350cfd7c52c2022-02-14 08:47:59.179root 11241100x80000000000000001757775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:59.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cd8a0a209df5862022-02-14 08:47:59.180root 11241100x80000000000000001757776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:59.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd79e58642afc3e2022-02-14 08:47:59.679root 11241100x80000000000000001757777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:47:59.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0a013bdd363ced2022-02-14 08:47:59.680root 11241100x80000000000000001757778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf2bcd1604fe7082022-02-14 08:48:00.180root 11241100x80000000000000001757779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:00.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70cd8bdab8fae9a2022-02-14 08:48:00.180root 11241100x80000000000000001757780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:00.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3576aa3272af5e2022-02-14 08:48:00.679root 11241100x80000000000000001757781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:00.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbac452e4c69cc42022-02-14 08:48:00.680root 11241100x80000000000000001757782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:01.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5973b32919c722722022-02-14 08:48:01.179root 11241100x80000000000000001757783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:01.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559bace677234d632022-02-14 08:48:01.180root 11241100x80000000000000001757784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:01.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7603f47d2e8aee2022-02-14 08:48:01.679root 11241100x80000000000000001757785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:01.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e7b70487f9ed242022-02-14 08:48:01.680root 354300x80000000000000001757786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:02.032{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51574-false10.0.1.12-8000- 11241100x80000000000000001757787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:02.032{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8879cc32e2b021c2022-02-14 08:48:02.032root 11241100x80000000000000001757788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:02.032{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47f4ae57df84b7b2022-02-14 08:48:02.032root 11241100x80000000000000001757789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:02.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c1c25c69bce7f42022-02-14 08:48:02.429root 11241100x80000000000000001757790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72daeae1d3f9004f2022-02-14 08:48:02.430root 11241100x80000000000000001757791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:02.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20259c879de9f9cc2022-02-14 08:48:02.430root 11241100x80000000000000001757792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b0678a986e9e742022-02-14 08:48:02.930root 11241100x80000000000000001757793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48877a2b487c5a22022-02-14 08:48:02.930root 11241100x80000000000000001757794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:02.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e8c6abf348e1712022-02-14 08:48:02.930root 11241100x80000000000000001757795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:03.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a926e391d22a24952022-02-14 08:48:03.429root 11241100x80000000000000001757796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daebdce3b362e7992022-02-14 08:48:03.430root 11241100x80000000000000001757797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:03.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c230f59bac7f60c52022-02-14 08:48:03.430root 11241100x80000000000000001757798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:03.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723077f6d40281e82022-02-14 08:48:03.929root 11241100x80000000000000001757799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0664faad6c1219c2022-02-14 08:48:03.930root 11241100x80000000000000001757800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:03.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7510f6091bc2d42022-02-14 08:48:03.930root 11241100x80000000000000001757801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:04.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a54bb648557fbc2022-02-14 08:48:04.429root 11241100x80000000000000001757802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:04.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9458a47f53e8852022-02-14 08:48:04.430root 11241100x80000000000000001757803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:04.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df452e9ab094a8d22022-02-14 08:48:04.430root 11241100x80000000000000001757804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:04.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0243ce0c36f1222022-02-14 08:48:04.929root 11241100x80000000000000001757805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:04.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6206e970a0c957b62022-02-14 08:48:04.930root 11241100x80000000000000001757806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:04.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9def9967e8b9898b2022-02-14 08:48:04.930root 11241100x80000000000000001757807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:05.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc32a2e31b11cd52022-02-14 08:48:05.429root 11241100x80000000000000001757808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:05.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798f6e7904619e7a2022-02-14 08:48:05.430root 11241100x80000000000000001757809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:05.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b9a8e058fc06792022-02-14 08:48:05.430root 11241100x80000000000000001757810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:05.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befaa787a0a7d0b42022-02-14 08:48:05.929root 11241100x80000000000000001757811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:05.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9294b9de35ff9112022-02-14 08:48:05.930root 11241100x80000000000000001757812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:05.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3748dbb0a09a8dd2022-02-14 08:48:05.930root 11241100x80000000000000001757813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:06.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6cdd1d91a9b8d02022-02-14 08:48:06.429root 11241100x80000000000000001757814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:06.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2d572c8a3a1f3f2022-02-14 08:48:06.430root 11241100x80000000000000001757815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:06.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1667d21003855c6d2022-02-14 08:48:06.430root 11241100x80000000000000001757816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28518bf6aacf8f2f2022-02-14 08:48:06.930root 11241100x80000000000000001757817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc370a31770337bc2022-02-14 08:48:06.930root 11241100x80000000000000001757818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:06.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974d50491fc800812022-02-14 08:48:06.930root 354300x80000000000000001757819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:07.188{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51576-false10.0.1.12-8000- 11241100x80000000000000001757820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:07.189{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9bd86f583084132022-02-14 08:48:07.189root 11241100x80000000000000001757821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:07.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a036be7c85b3472022-02-14 08:48:07.190root 11241100x80000000000000001757822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:07.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bc108bf6b0136d2022-02-14 08:48:07.190root 11241100x80000000000000001757823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:07.190{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e919c07aa5977b3e2022-02-14 08:48:07.190root 11241100x80000000000000001757824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7847d512a4daf4e32022-02-14 08:48:07.680root 11241100x80000000000000001757825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb1e224cd84a59e2022-02-14 08:48:07.680root 11241100x80000000000000001757826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bb53be7f7e65932022-02-14 08:48:07.680root 11241100x80000000000000001757827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:07.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13e949f93703a972022-02-14 08:48:07.680root 11241100x80000000000000001757828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:08.179{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3f15cc97f26b432022-02-14 08:48:08.179root 11241100x80000000000000001757829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b93c5b5546ec082022-02-14 08:48:08.180root 11241100x80000000000000001757830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53ab7ffe10c4bba2022-02-14 08:48:08.180root 11241100x80000000000000001757831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:08.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e497efc6f39cc12022-02-14 08:48:08.180root 11241100x80000000000000001757832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb721e6d601242ef2022-02-14 08:48:08.680root 11241100x80000000000000001757833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d748efad3810372022-02-14 08:48:08.680root 11241100x80000000000000001757834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dc77328c932cc92022-02-14 08:48:08.680root 11241100x80000000000000001757835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:08.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58857685807dbef92022-02-14 08:48:08.680root 11241100x80000000000000001757836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb43bf3b4983be52022-02-14 08:48:09.180root 11241100x80000000000000001757837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2b75ffb0022f6b2022-02-14 08:48:09.180root 11241100x80000000000000001757838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb26c387d53b2cd2022-02-14 08:48:09.180root 11241100x80000000000000001757839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:09.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084436a81508f0a22022-02-14 08:48:09.180root 11241100x80000000000000001757840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:09.679{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075e42a2c205155d2022-02-14 08:48:09.679root 11241100x80000000000000001757841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a61dec3741eba72022-02-14 08:48:09.680root 11241100x80000000000000001757842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16e65de703d8eca2022-02-14 08:48:09.680root 11241100x80000000000000001757843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:09.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14c9cd9962ec47b2022-02-14 08:48:09.680root 11241100x80000000000000001757844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:10.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8817289e053e152022-02-14 08:48:10.180root 11241100x80000000000000001757845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:10.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6490d11e3f795c2022-02-14 08:48:10.180root 11241100x80000000000000001757846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:10.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462ee90a08ace0a72022-02-14 08:48:10.180root 11241100x80000000000000001757847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:10.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66442da5197a9bf32022-02-14 08:48:10.180root 11241100x80000000000000001757848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:10.211{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-02-14 08:48:10.211root 354300x80000000000000001757849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:10.234{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-55066-false10.0.1.12-8089- 11241100x80000000000000001757850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:10.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0284f329fb8f462022-02-14 08:48:10.680root 11241100x80000000000000001757851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:10.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0975ccb6b60743472022-02-14 08:48:10.680root 11241100x80000000000000001757852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:10.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce2d8b529e1527a2022-02-14 08:48:10.680root 11241100x80000000000000001757853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:10.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6610579b24c6ca2022-02-14 08:48:10.680root 11241100x80000000000000001757854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:10.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3b0bfac5ec4d912022-02-14 08:48:10.680root 11241100x80000000000000001757855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:10.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f58c5c203247cd2022-02-14 08:48:10.680root 11241100x80000000000000001757856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:11.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35203eee0d26bbc2022-02-14 08:48:11.180root 11241100x80000000000000001757857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:11.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb769659f4cf41e92022-02-14 08:48:11.180root 11241100x80000000000000001757858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:11.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec420a17ead17fa2022-02-14 08:48:11.180root 11241100x80000000000000001757859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:11.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f86709717af4742022-02-14 08:48:11.180root 11241100x80000000000000001757860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:11.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbf377a98f1b07e2022-02-14 08:48:11.180root 11241100x80000000000000001757861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:11.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d555eb591f0e474f2022-02-14 08:48:11.180root 11241100x80000000000000001757862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:11.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4c71528dc182652022-02-14 08:48:11.680root 11241100x80000000000000001757863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:11.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc2b1663a3ac6c62022-02-14 08:48:11.680root 11241100x80000000000000001757864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:11.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d092101ad7857722022-02-14 08:48:11.680root 11241100x80000000000000001757865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:11.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ba3699208156c42022-02-14 08:48:11.680root 11241100x80000000000000001757866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:11.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b594809b1fa498cf2022-02-14 08:48:11.680root 11241100x80000000000000001757867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:11.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d2ae9688ee75612022-02-14 08:48:11.680root 11241100x80000000000000001757868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e16cbbdfedd7a22022-02-14 08:48:12.180root 11241100x80000000000000001757869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163acd0be1d1eccb2022-02-14 08:48:12.180root 11241100x80000000000000001757870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f986919b9195fcd2022-02-14 08:48:12.180root 11241100x80000000000000001757871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bdb92111631b412022-02-14 08:48:12.180root 11241100x80000000000000001757872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f34cbd42dbe5792022-02-14 08:48:12.180root 11241100x80000000000000001757873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:12.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cdb2a5b4866a972022-02-14 08:48:12.180root 11241100x80000000000000001757874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:12.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9202b7973b8cbd82022-02-14 08:48:12.680root 11241100x80000000000000001757875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:12.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff5a9c16a828f422022-02-14 08:48:12.680root 11241100x80000000000000001757876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:12.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852a0de3834eb2282022-02-14 08:48:12.680root 11241100x80000000000000001757877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:12.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e53c2cdf36e6ec22022-02-14 08:48:12.680root 11241100x80000000000000001757878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:12.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceea4239d54d447e2022-02-14 08:48:12.680root 11241100x80000000000000001757879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:12.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ef70ca1faba48b2022-02-14 08:48:12.680root 354300x80000000000000001757880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.130{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51580-false10.0.1.12-8000- 11241100x80000000000000001757881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbef80f0b2a722092022-02-14 08:48:13.131root 11241100x80000000000000001757882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f269206a4c9bb2a2022-02-14 08:48:13.131root 11241100x80000000000000001757883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.131{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02732419861405632022-02-14 08:48:13.131root 11241100x80000000000000001757884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50238979838402032022-02-14 08:48:13.132root 11241100x80000000000000001757885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fc43c0d982a4a22022-02-14 08:48:13.132root 11241100x80000000000000001757886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b1acb88941a92e2022-02-14 08:48:13.132root 11241100x80000000000000001757887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.132{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9f5b26a593209c2022-02-14 08:48:13.132root 23542300x80000000000000001757888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.213{ec2ab09f-1002-620a-3078-922c7d550000}1328root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000001757889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c6125c6cbf22192022-02-14 08:48:13.429root 11241100x80000000000000001757890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4085308f1a3901392022-02-14 08:48:13.430root 11241100x80000000000000001757891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ed5a36768fd6062022-02-14 08:48:13.430root 11241100x80000000000000001757892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40b43508284c63b2022-02-14 08:48:13.430root 11241100x80000000000000001757893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afc38942d53f1772022-02-14 08:48:13.431root 11241100x80000000000000001757894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263b2369ce9abe592022-02-14 08:48:13.431root 11241100x80000000000000001757895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9739d6ea360416602022-02-14 08:48:13.431root 11241100x80000000000000001757896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208ec54aab4c5de52022-02-14 08:48:13.432root 11241100x80000000000000001757897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1283bb36b9a6a5262022-02-14 08:48:13.930root 11241100x80000000000000001757898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c979d754e4d76ecb2022-02-14 08:48:13.930root 11241100x80000000000000001757899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e61e91d759943d2022-02-14 08:48:13.930root 11241100x80000000000000001757900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60fe1def0b04d2d2022-02-14 08:48:13.930root 11241100x80000000000000001757901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0543196a03df5ec52022-02-14 08:48:13.930root 11241100x80000000000000001757902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebdecae05a04ab02022-02-14 08:48:13.930root 11241100x80000000000000001757903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98892c9966dc962b2022-02-14 08:48:13.930root 11241100x80000000000000001757904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:13.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6ff330af581b332022-02-14 08:48:13.930root 11241100x80000000000000001757905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:14.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8685c29990da0d822022-02-14 08:48:14.429root 11241100x80000000000000001757906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f63256dc56ee3de2022-02-14 08:48:14.430root 11241100x80000000000000001757907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12598d6f41fbfc12022-02-14 08:48:14.430root 11241100x80000000000000001757908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99e597f3cc0e6ea2022-02-14 08:48:14.430root 11241100x80000000000000001757909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:14.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cac22e58ad84e32022-02-14 08:48:14.430root 11241100x80000000000000001757910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fabca480b7f8382022-02-14 08:48:14.431root 11241100x80000000000000001757911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8a458a81d977762022-02-14 08:48:14.431root 11241100x80000000000000001757912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:14.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531a3084b7ec13b82022-02-14 08:48:14.431root 11241100x80000000000000001757913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b461f0fffd0c6c32022-02-14 08:48:14.930root 11241100x80000000000000001757914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5548d7abc93280b82022-02-14 08:48:14.930root 11241100x80000000000000001757915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dfd9ef70045db52022-02-14 08:48:14.930root 11241100x80000000000000001757916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82a0ed179f52d412022-02-14 08:48:14.930root 11241100x80000000000000001757917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452d3106bd2581952022-02-14 08:48:14.930root 11241100x80000000000000001757918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb4392674a0b9e32022-02-14 08:48:14.930root 11241100x80000000000000001757919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351c25a66f3bf2e22022-02-14 08:48:14.930root 11241100x80000000000000001757920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:14.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7a90ac176e0bdc2022-02-14 08:48:14.930root 11241100x80000000000000001757921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:15.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94313265f17b2fbc2022-02-14 08:48:15.429root 11241100x80000000000000001757922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f19ed79f0b4c4f42022-02-14 08:48:15.430root 11241100x80000000000000001757923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ebfee7536276a02022-02-14 08:48:15.430root 11241100x80000000000000001757924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7039442a87f7db942022-02-14 08:48:15.430root 11241100x80000000000000001757925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3af98d697ca8dc2022-02-14 08:48:15.430root 11241100x80000000000000001757926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcc8a2c653a60332022-02-14 08:48:15.430root 11241100x80000000000000001757927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:15.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f48d53dd4a689e2022-02-14 08:48:15.430root 11241100x80000000000000001757928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:15.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f57fbae018b7832022-02-14 08:48:15.431root 11241100x80000000000000001757929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746e216a0a6c71fb2022-02-14 08:48:15.930root 11241100x80000000000000001757930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fea52f652f9bbe2022-02-14 08:48:15.930root 11241100x80000000000000001757931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d58568ee6ad5472022-02-14 08:48:15.930root 11241100x80000000000000001757932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748ff6830174bc2a2022-02-14 08:48:15.930root 11241100x80000000000000001757933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28afcc758f739ef2022-02-14 08:48:15.930root 11241100x80000000000000001757934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7439edbfd90f8c452022-02-14 08:48:15.930root 11241100x80000000000000001757935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c646f14837b014f52022-02-14 08:48:15.930root 11241100x80000000000000001757936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:15.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c95bb5adbba03b12022-02-14 08:48:15.930root 11241100x80000000000000001757937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebc3ba600ad3cae2022-02-14 08:48:16.430root 11241100x80000000000000001757938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d7d7d8939c64502022-02-14 08:48:16.430root 11241100x80000000000000001757939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a94b95f6d7d01662022-02-14 08:48:16.430root 11241100x80000000000000001757940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:16.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51306adf0ebdc77b2022-02-14 08:48:16.430root 11241100x80000000000000001757941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022fd2416f3071f92022-02-14 08:48:16.431root 11241100x80000000000000001757942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fde4b3a570642e2022-02-14 08:48:16.431root 11241100x80000000000000001757943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d2bcd3af22f4b02022-02-14 08:48:16.431root 11241100x80000000000000001757944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:16.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb06f8ec1ba49382022-02-14 08:48:16.431root 11241100x80000000000000001757945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:16.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63773c9fa6dbac02022-02-14 08:48:16.929root 11241100x80000000000000001757946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3fc5e32fc5fd4e2022-02-14 08:48:16.930root 11241100x80000000000000001757947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0403e98da7d3d5b32022-02-14 08:48:16.930root 11241100x80000000000000001757948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e3b0292708e0fc2022-02-14 08:48:16.930root 11241100x80000000000000001757949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d3a73edf10a3c52022-02-14 08:48:16.930root 11241100x80000000000000001757950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:16.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645e516a3a5c4b832022-02-14 08:48:16.930root 11241100x80000000000000001757951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7f4035dc1796812022-02-14 08:48:16.931root 11241100x80000000000000001757952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:16.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3a5c62794740122022-02-14 08:48:16.931root 11241100x80000000000000001757953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afda884b1bd54e3d2022-02-14 08:48:17.430root 11241100x80000000000000001757954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc415340aeccaff72022-02-14 08:48:17.430root 11241100x80000000000000001757955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae9578c80167aa42022-02-14 08:48:17.430root 11241100x80000000000000001757956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8c97424582023c2022-02-14 08:48:17.430root 11241100x80000000000000001757957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d8af762af7ba282022-02-14 08:48:17.430root 11241100x80000000000000001757958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75282592d2d65f72022-02-14 08:48:17.430root 11241100x80000000000000001757959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:17.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1c195e445f3d222022-02-14 08:48:17.430root 11241100x80000000000000001757960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:17.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c132c2062d800e6d2022-02-14 08:48:17.431root 11241100x80000000000000001757961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:17.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3c5246f3cb32532022-02-14 08:48:17.929root 11241100x80000000000000001757962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45601e27311b77002022-02-14 08:48:17.930root 11241100x80000000000000001757963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c93bbecea4e44c22022-02-14 08:48:17.930root 11241100x80000000000000001757964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ae3ce943bb26352022-02-14 08:48:17.930root 11241100x80000000000000001757965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:17.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4ae3c32e29483f2022-02-14 08:48:17.930root 11241100x80000000000000001757966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a60ca63cf5e9db2022-02-14 08:48:17.931root 11241100x80000000000000001757967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3bb0890c16097f2022-02-14 08:48:17.931root 11241100x80000000000000001757968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:17.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338836b49e2b64592022-02-14 08:48:17.931root 11241100x80000000000000001757969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0156ce30937e3652022-02-14 08:48:18.430root 11241100x80000000000000001757970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df826da26fa93342022-02-14 08:48:18.430root 11241100x80000000000000001757971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59cb6bfa61e34ad2022-02-14 08:48:18.430root 11241100x80000000000000001757972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2bdb73913238ce2022-02-14 08:48:18.430root 11241100x80000000000000001757973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34fc21b9b026c3e2022-02-14 08:48:18.430root 11241100x80000000000000001757974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bedd3ca42470b432022-02-14 08:48:18.430root 11241100x80000000000000001757975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:18.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6158a3406adf6552022-02-14 08:48:18.430root 11241100x80000000000000001757976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:18.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c211cc770071082022-02-14 08:48:18.431root 11241100x80000000000000001757977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:18.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb694e7e5592a8352022-02-14 08:48:18.929root 11241100x80000000000000001757978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461fecf8616ec07b2022-02-14 08:48:18.930root 11241100x80000000000000001757979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8851d5508ef7492022-02-14 08:48:18.930root 11241100x80000000000000001757980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2582be24f25ae6962022-02-14 08:48:18.930root 11241100x80000000000000001757981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ccff98ef1af9be2022-02-14 08:48:18.930root 11241100x80000000000000001757982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:18.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51e7d5395c02fa32022-02-14 08:48:18.930root 11241100x80000000000000001757983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d0f8a508f382a22022-02-14 08:48:18.931root 11241100x80000000000000001757984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:18.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c529f1d502a4f2302022-02-14 08:48:18.931root 354300x80000000000000001757985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.105{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51582-false10.0.1.12-8000- 11241100x80000000000000001757986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58162856f52012a12022-02-14 08:48:19.429root 11241100x80000000000000001757987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a640f9d278a1f4ab2022-02-14 08:48:19.430root 11241100x80000000000000001757988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0205e84643c1982022-02-14 08:48:19.430root 11241100x80000000000000001757989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666edf7298197efe2022-02-14 08:48:19.430root 11241100x80000000000000001757990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6005fb53305a3f2022-02-14 08:48:19.430root 11241100x80000000000000001757991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8703402a5a18152022-02-14 08:48:19.430root 11241100x80000000000000001757992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37848d9ee8b219d72022-02-14 08:48:19.430root 11241100x80000000000000001757993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b373cc2a604cabbd2022-02-14 08:48:19.430root 11241100x80000000000000001757994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ef1123e69451162022-02-14 08:48:19.431root 11241100x80000000000000001757995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227e76a09474c52e2022-02-14 08:48:19.929root 11241100x80000000000000001757996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b86a1cc85f5c8a2022-02-14 08:48:19.930root 11241100x80000000000000001757997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1728de04b6a8a31c2022-02-14 08:48:19.930root 11241100x80000000000000001757998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165d897aedb56cb72022-02-14 08:48:19.930root 11241100x80000000000000001757999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb31e7870d108b172022-02-14 08:48:19.930root 11241100x80000000000000001758000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51c0126975c34302022-02-14 08:48:19.930root 11241100x80000000000000001758001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128e4ee643bcd9322022-02-14 08:48:19.931root 11241100x80000000000000001758002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56724d300ec6e59f2022-02-14 08:48:19.931root 11241100x80000000000000001758003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:19.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3937bfb6d0180d5d2022-02-14 08:48:19.931root 11241100x80000000000000001758004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db19f37aec5f1c22022-02-14 08:48:20.430root 11241100x80000000000000001758005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a8728109c6ce112022-02-14 08:48:20.430root 11241100x80000000000000001758006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55acea6d5cf79502022-02-14 08:48:20.430root 11241100x80000000000000001758007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d64ce5257a6dec2022-02-14 08:48:20.430root 11241100x80000000000000001758008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9f376dd1c3560f2022-02-14 08:48:20.431root 11241100x80000000000000001758009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684305acf4af66db2022-02-14 08:48:20.431root 11241100x80000000000000001758010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2b181c9c8ace6e2022-02-14 08:48:20.431root 11241100x80000000000000001758011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5746b86759672e912022-02-14 08:48:20.431root 11241100x80000000000000001758012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfae3fe0d3941402022-02-14 08:48:20.431root 11241100x80000000000000001758013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c271cfad48604a132022-02-14 08:48:20.929root 11241100x80000000000000001758014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e749911c72ad7f2022-02-14 08:48:20.930root 11241100x80000000000000001758015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79cdf87695ff4362022-02-14 08:48:20.930root 11241100x80000000000000001758016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a464da7207323a82022-02-14 08:48:20.930root 11241100x80000000000000001758017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf03202868b22f442022-02-14 08:48:20.930root 11241100x80000000000000001758018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f455c8ee27ccb1c02022-02-14 08:48:20.931root 11241100x80000000000000001758019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140ed8fd819075c02022-02-14 08:48:20.931root 11241100x80000000000000001758020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ee543002e35c0d2022-02-14 08:48:20.931root 11241100x80000000000000001758021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:20.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a5522ad8d6e7c12022-02-14 08:48:20.931root 11241100x80000000000000001758022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d326a3c9600c90b2022-02-14 08:48:21.431root 11241100x80000000000000001758023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6bed9ec6d528bf2022-02-14 08:48:21.431root 11241100x80000000000000001758024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5c938ba9c35f752022-02-14 08:48:21.431root 11241100x80000000000000001758025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abaf21758c245d12022-02-14 08:48:21.431root 11241100x80000000000000001758026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5677130414902a1b2022-02-14 08:48:21.431root 11241100x80000000000000001758027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b712b278332ce52022-02-14 08:48:21.431root 11241100x80000000000000001758028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7ee09cfb7d8fdd2022-02-14 08:48:21.432root 11241100x80000000000000001758029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62829241a6ae1292022-02-14 08:48:21.432root 11241100x80000000000000001758030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ffe83d0bc3d28b2022-02-14 08:48:21.432root 11241100x80000000000000001758031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41a259b3a0d44c32022-02-14 08:48:21.929root 11241100x80000000000000001758032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c981c12cf5ebb4c42022-02-14 08:48:21.930root 11241100x80000000000000001758033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6613751f685bc4d32022-02-14 08:48:21.930root 11241100x80000000000000001758034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484601e0b31692502022-02-14 08:48:21.930root 11241100x80000000000000001758035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c0b1ff1a681c512022-02-14 08:48:21.930root 11241100x80000000000000001758036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efedbd65bb16e5b2022-02-14 08:48:21.930root 11241100x80000000000000001758037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cee207a052307d2022-02-14 08:48:21.930root 11241100x80000000000000001758038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89845fe56b2b7fba2022-02-14 08:48:21.931root 11241100x80000000000000001758039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:21.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348db2fbcda16ac72022-02-14 08:48:21.931root 11241100x80000000000000001758040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8803ece05d75ae202022-02-14 08:48:22.430root 11241100x80000000000000001758041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb089990465a0b92022-02-14 08:48:22.430root 11241100x80000000000000001758042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94c031c674123ac2022-02-14 08:48:22.430root 11241100x80000000000000001758043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f445da2ec12aba2022-02-14 08:48:22.431root 11241100x80000000000000001758044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a242dc678ae803cc2022-02-14 08:48:22.431root 11241100x80000000000000001758045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aae04144e8a2dd92022-02-14 08:48:22.431root 11241100x80000000000000001758046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088b863de90a4fb92022-02-14 08:48:22.431root 11241100x80000000000000001758047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c5b6c907c6b2602022-02-14 08:48:22.432root 11241100x80000000000000001758048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce20fd062499e9b62022-02-14 08:48:22.432root 11241100x80000000000000001758049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27831e7c34820cd2022-02-14 08:48:22.930root 11241100x80000000000000001758050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed940c3378a09bec2022-02-14 08:48:22.930root 11241100x80000000000000001758051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a9e679dc69b05a2022-02-14 08:48:22.930root 11241100x80000000000000001758052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923319c1bdbc8af12022-02-14 08:48:22.930root 11241100x80000000000000001758053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4295b9925f8bd82022-02-14 08:48:22.930root 11241100x80000000000000001758054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9310c423e85e5a8c2022-02-14 08:48:22.930root 11241100x80000000000000001758055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bafc1f1c7c5eda2022-02-14 08:48:22.930root 11241100x80000000000000001758056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653053680563ab342022-02-14 08:48:22.930root 11241100x80000000000000001758057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:22.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7caa5fa8b8fba8db2022-02-14 08:48:22.931root 11241100x80000000000000001758058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5c69e963ce723d2022-02-14 08:48:23.429root 11241100x80000000000000001758059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91fef7deee3f2db2022-02-14 08:48:23.430root 11241100x80000000000000001758060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48718f7911a36e42022-02-14 08:48:23.430root 11241100x80000000000000001758061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d27224b4dd852312022-02-14 08:48:23.430root 11241100x80000000000000001758062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f2b45659a98a012022-02-14 08:48:23.431root 11241100x80000000000000001758063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcee9f2012505002022-02-14 08:48:23.431root 11241100x80000000000000001758064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57737426f4b5605a2022-02-14 08:48:23.431root 11241100x80000000000000001758065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c4afdfc48795752022-02-14 08:48:23.432root 11241100x80000000000000001758066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c611ff25795928f2022-02-14 08:48:23.432root 11241100x80000000000000001758067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb619531b74bdaca2022-02-14 08:48:23.929root 11241100x80000000000000001758068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603d306771cf35882022-02-14 08:48:23.930root 11241100x80000000000000001758069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3889b0e8ccf105082022-02-14 08:48:23.930root 11241100x80000000000000001758070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42c578192aaf65d2022-02-14 08:48:23.930root 11241100x80000000000000001758071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885e9930bd52602a2022-02-14 08:48:23.931root 11241100x80000000000000001758072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0341087c7bed3fcb2022-02-14 08:48:23.931root 11241100x80000000000000001758073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488880fb1aebf34d2022-02-14 08:48:23.931root 11241100x80000000000000001758074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd58aa643aaef052022-02-14 08:48:23.931root 11241100x80000000000000001758075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:23.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ce0d906eba76512022-02-14 08:48:23.931root 354300x80000000000000001758076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.174{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51584-false10.0.1.12-8000- 11241100x80000000000000001758077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576457236538a4382022-02-14 08:48:24.429root 11241100x80000000000000001758078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae6aade6777d2162022-02-14 08:48:24.430root 11241100x80000000000000001758079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723f79c7eeedb9762022-02-14 08:48:24.430root 11241100x80000000000000001758080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebcf070eb2ca9562022-02-14 08:48:24.430root 11241100x80000000000000001758081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492bd6d679e94e5e2022-02-14 08:48:24.430root 11241100x80000000000000001758082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d47025142f072ba2022-02-14 08:48:24.430root 11241100x80000000000000001758083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24286ce75a55c54f2022-02-14 08:48:24.430root 11241100x80000000000000001758084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b770ef831e1ddd82022-02-14 08:48:24.430root 11241100x80000000000000001758085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25e6d35b67280d72022-02-14 08:48:24.430root 11241100x80000000000000001758086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a14abac5c79c542022-02-14 08:48:24.430root 11241100x80000000000000001758087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1efb60dc168a7b2022-02-14 08:48:24.930root 11241100x80000000000000001758088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d25d539bbfbf8ba2022-02-14 08:48:24.930root 11241100x80000000000000001758089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb3c3f20baf70fe2022-02-14 08:48:24.930root 11241100x80000000000000001758090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56033025d5ba6d12022-02-14 08:48:24.930root 11241100x80000000000000001758091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786e54d299a796712022-02-14 08:48:24.930root 11241100x80000000000000001758092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d270801d2483222022-02-14 08:48:24.930root 11241100x80000000000000001758093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f47eed885d5c192022-02-14 08:48:24.930root 11241100x80000000000000001758094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c18b45b0b1d2d1c2022-02-14 08:48:24.930root 11241100x80000000000000001758095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629f2084b6923e252022-02-14 08:48:24.930root 11241100x80000000000000001758096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:24.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2450c29f8d430db42022-02-14 08:48:24.930root 11241100x80000000000000001758097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dca71affa76f62b2022-02-14 08:48:25.430root 11241100x80000000000000001758098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fa90b107c8ea2f2022-02-14 08:48:25.430root 11241100x80000000000000001758099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992bc2d396227b392022-02-14 08:48:25.430root 11241100x80000000000000001758100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b2f440f5a49df32022-02-14 08:48:25.430root 11241100x80000000000000001758101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9484878c406cd042022-02-14 08:48:25.430root 11241100x80000000000000001758102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1900c1f1c45aeb2022-02-14 08:48:25.430root 11241100x80000000000000001758103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb476ec6c33d8eac2022-02-14 08:48:25.430root 11241100x80000000000000001758104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3359324db970c8c62022-02-14 08:48:25.430root 11241100x80000000000000001758105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf492e03e58118d2022-02-14 08:48:25.430root 11241100x80000000000000001758106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00a30be5caf0a6b2022-02-14 08:48:25.431root 11241100x80000000000000001758107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aad08af182a57132022-02-14 08:48:25.929root 11241100x80000000000000001758108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184a6c7489e3f7032022-02-14 08:48:25.930root 11241100x80000000000000001758109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71acfeae228086bb2022-02-14 08:48:25.930root 11241100x80000000000000001758110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1d2fb847ea06342022-02-14 08:48:25.930root 11241100x80000000000000001758111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df4c8bb800a76e02022-02-14 08:48:25.930root 11241100x80000000000000001758112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f73734471e46d212022-02-14 08:48:25.930root 11241100x80000000000000001758113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1334d83e5bdae6302022-02-14 08:48:25.930root 11241100x80000000000000001758114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c447fe6c4a1e8b382022-02-14 08:48:25.930root 11241100x80000000000000001758115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e18b7038102e2342022-02-14 08:48:25.930root 11241100x80000000000000001758116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:25.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed305e828453f472022-02-14 08:48:25.930root 11241100x80000000000000001758117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2309555cbf7c302022-02-14 08:48:26.430root 11241100x80000000000000001758118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a6e9608a08bcd12022-02-14 08:48:26.430root 11241100x80000000000000001758119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbdff692a35ad012022-02-14 08:48:26.430root 11241100x80000000000000001758120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57199993efd47832022-02-14 08:48:26.430root 11241100x80000000000000001758121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57c3273f5dccb642022-02-14 08:48:26.430root 11241100x80000000000000001758122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44a45e648a578e32022-02-14 08:48:26.430root 11241100x80000000000000001758123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717c5e6ef1584c612022-02-14 08:48:26.430root 11241100x80000000000000001758124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b881b415ad7012f92022-02-14 08:48:26.430root 11241100x80000000000000001758125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6ef79fa33db77c2022-02-14 08:48:26.431root 11241100x80000000000000001758126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41802da74d15ed572022-02-14 08:48:26.431root 11241100x80000000000000001758127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f5a4266b219b432022-02-14 08:48:26.930root 11241100x80000000000000001758128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6d6c1156ecdb592022-02-14 08:48:26.930root 11241100x80000000000000001758129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a2d4a4278ec4a92022-02-14 08:48:26.930root 11241100x80000000000000001758130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fb039b09bb4f2c2022-02-14 08:48:26.930root 11241100x80000000000000001758131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2dd44b335fa4612022-02-14 08:48:26.930root 11241100x80000000000000001758132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df872287d4a85582022-02-14 08:48:26.930root 11241100x80000000000000001758133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7b039b45ea2a8d2022-02-14 08:48:26.930root 11241100x80000000000000001758134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044aa2ef64ff724f2022-02-14 08:48:26.930root 11241100x80000000000000001758135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9870742d0c34de2022-02-14 08:48:26.931root 11241100x80000000000000001758136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:26.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e75df582bc563a2022-02-14 08:48:26.931root 11241100x80000000000000001758137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd934c2fb13b1112022-02-14 08:48:27.430root 11241100x80000000000000001758138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e59ddd90c25f5c2022-02-14 08:48:27.430root 11241100x80000000000000001758139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e11f282bc4477062022-02-14 08:48:27.430root 11241100x80000000000000001758140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e58c95b21cabb8a2022-02-14 08:48:27.430root 11241100x80000000000000001758141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09213387c7a7403a2022-02-14 08:48:27.430root 11241100x80000000000000001758142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdccfaa190408852022-02-14 08:48:27.430root 11241100x80000000000000001758143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0018e6ca0069b96d2022-02-14 08:48:27.430root 11241100x80000000000000001758144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21be5a0caa08bcef2022-02-14 08:48:27.430root 11241100x80000000000000001758145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45fc8ec7ef9e9112022-02-14 08:48:27.430root 11241100x80000000000000001758146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837e85791a82f0712022-02-14 08:48:27.431root 11241100x80000000000000001758147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f90f8999a2b2a472022-02-14 08:48:27.930root 11241100x80000000000000001758148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4308a75b64615ecb2022-02-14 08:48:27.930root 11241100x80000000000000001758149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe2d1bb9a4829022022-02-14 08:48:27.930root 11241100x80000000000000001758150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3e068ae53233aa2022-02-14 08:48:27.930root 11241100x80000000000000001758151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d99d91e51a43dc2022-02-14 08:48:27.930root 11241100x80000000000000001758152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a24f539d96ad44d2022-02-14 08:48:27.930root 11241100x80000000000000001758153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cb26ed7b3fa7032022-02-14 08:48:27.930root 11241100x80000000000000001758154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ba22224b7a47eb2022-02-14 08:48:27.930root 11241100x80000000000000001758155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa8c17c415ee7d32022-02-14 08:48:27.930root 11241100x80000000000000001758156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:27.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0fc5244c21efc32022-02-14 08:48:27.931root 11241100x80000000000000001758157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a12c3b8eefbb422022-02-14 08:48:28.429root 11241100x80000000000000001758158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068d422f12cea10f2022-02-14 08:48:28.430root 11241100x80000000000000001758159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3949d819020057432022-02-14 08:48:28.430root 11241100x80000000000000001758160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dd457a1a3b6bed2022-02-14 08:48:28.430root 11241100x80000000000000001758161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3dc9f41d67990f2022-02-14 08:48:28.430root 11241100x80000000000000001758162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f128f82ff7be8eee2022-02-14 08:48:28.430root 11241100x80000000000000001758163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7675a68d6fee802022-02-14 08:48:28.430root 11241100x80000000000000001758164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9a00ba4923c7fc2022-02-14 08:48:28.430root 11241100x80000000000000001758165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f865c83eee5f222022-02-14 08:48:28.430root 11241100x80000000000000001758166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afb5d93b2f0e8702022-02-14 08:48:28.430root 11241100x80000000000000001758167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161eaef20940bdf82022-02-14 08:48:28.930root 11241100x80000000000000001758168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745093b488ce10a32022-02-14 08:48:28.930root 11241100x80000000000000001758169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a1357b0de572a52022-02-14 08:48:28.930root 11241100x80000000000000001758170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1202a17f0f2c76a42022-02-14 08:48:28.930root 11241100x80000000000000001758171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c727ae129feed862022-02-14 08:48:28.930root 11241100x80000000000000001758172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289e5bf92cb348022022-02-14 08:48:28.930root 11241100x80000000000000001758173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcb1d4bc8f6194b2022-02-14 08:48:28.930root 11241100x80000000000000001758174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d739c3b7bbc4d9c42022-02-14 08:48:28.930root 11241100x80000000000000001758175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350c97261ea16e482022-02-14 08:48:28.930root 11241100x80000000000000001758176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:28.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe5a66b4097ac862022-02-14 08:48:28.931root 11241100x80000000000000001758177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae02e25f1f0a1f22022-02-14 08:48:29.430root 11241100x80000000000000001758178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab8d30ae88cd3b12022-02-14 08:48:29.430root 11241100x80000000000000001758179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aff87dd8647d74a2022-02-14 08:48:29.430root 11241100x80000000000000001758180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1339a02ce43de092022-02-14 08:48:29.430root 11241100x80000000000000001758181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fddb8c3cc1ce55f2022-02-14 08:48:29.430root 11241100x80000000000000001758182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b286dd7997dcdc2022-02-14 08:48:29.430root 11241100x80000000000000001758183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f613879eb232b292022-02-14 08:48:29.430root 11241100x80000000000000001758184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2db0310a960b3d2022-02-14 08:48:29.430root 11241100x80000000000000001758185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f4bb5e401112c22022-02-14 08:48:29.430root 11241100x80000000000000001758186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37806a61a5c18c642022-02-14 08:48:29.430root 11241100x80000000000000001758187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6eece90a652e79f2022-02-14 08:48:29.930root 11241100x80000000000000001758188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a74a92c35dae472022-02-14 08:48:29.930root 11241100x80000000000000001758189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858fa7d41345fac82022-02-14 08:48:29.930root 11241100x80000000000000001758190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8369e351f776193f2022-02-14 08:48:29.930root 11241100x80000000000000001758191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7d6a17f4a2b9a42022-02-14 08:48:29.930root 11241100x80000000000000001758192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7881d9b8737ac202022-02-14 08:48:29.930root 11241100x80000000000000001758193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a318979520d7e4802022-02-14 08:48:29.930root 11241100x80000000000000001758194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a21fec27c37eb72022-02-14 08:48:29.930root 11241100x80000000000000001758195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51def372d8df0862022-02-14 08:48:29.930root 11241100x80000000000000001758196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:29.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0d38d08a660a662022-02-14 08:48:29.930root 354300x80000000000000001758197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.044{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51586-false10.0.1.12-8000- 11241100x80000000000000001758198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7dfbd783edb5d3a2022-02-14 08:48:30.430root 11241100x80000000000000001758199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4881cd2395b26a0e2022-02-14 08:48:30.430root 11241100x80000000000000001758200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db00373d6a7a68192022-02-14 08:48:30.430root 11241100x80000000000000001758201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6777e600df399902022-02-14 08:48:30.430root 11241100x80000000000000001758202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2d1f7ea9787cac2022-02-14 08:48:30.430root 11241100x80000000000000001758203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8e5856a10161af2022-02-14 08:48:30.430root 11241100x80000000000000001758204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63cdb3925b2b1662022-02-14 08:48:30.430root 11241100x80000000000000001758205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37c0812511c48022022-02-14 08:48:30.430root 11241100x80000000000000001758206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e81b2103a14573e2022-02-14 08:48:30.431root 11241100x80000000000000001758207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b102dd2ce6848fe02022-02-14 08:48:30.431root 11241100x80000000000000001758208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0038f41df23341902022-02-14 08:48:30.431root 11241100x80000000000000001758209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24588a3edf610de22022-02-14 08:48:30.930root 11241100x80000000000000001758210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfc6399095ef7f82022-02-14 08:48:30.930root 11241100x80000000000000001758211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee734779f98043522022-02-14 08:48:30.930root 11241100x80000000000000001758212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded388b769ee85bd2022-02-14 08:48:30.930root 11241100x80000000000000001758213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb1da5f1167764c2022-02-14 08:48:30.930root 11241100x80000000000000001758214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb1beb0c4d4422d2022-02-14 08:48:30.931root 11241100x80000000000000001758215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81e687d8354c99e2022-02-14 08:48:30.931root 11241100x80000000000000001758216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607ce43fc39cc9802022-02-14 08:48:30.931root 11241100x80000000000000001758217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b428096d2db39da42022-02-14 08:48:30.931root 11241100x80000000000000001758218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da365f97f7727ab12022-02-14 08:48:30.931root 11241100x80000000000000001758219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:30.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b316833e5e3b572022-02-14 08:48:30.931root 11241100x80000000000000001758220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de04bb7fc5b1a37e2022-02-14 08:48:31.430root 11241100x80000000000000001758221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a1d3fc3b9ec2432022-02-14 08:48:31.430root 11241100x80000000000000001758222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78eb2fc2f83bcb52022-02-14 08:48:31.430root 11241100x80000000000000001758223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca298e232b4614db2022-02-14 08:48:31.430root 11241100x80000000000000001758224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cc0be86a6357832022-02-14 08:48:31.430root 11241100x80000000000000001758225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a8aa7f38f2995c2022-02-14 08:48:31.431root 11241100x80000000000000001758226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87802035e868c4ee2022-02-14 08:48:31.431root 11241100x80000000000000001758227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783e228d31fab0632022-02-14 08:48:31.431root 11241100x80000000000000001758228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd64f3d0a4d4be182022-02-14 08:48:31.431root 11241100x80000000000000001758229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cad0147d92fcaa2022-02-14 08:48:31.433root 11241100x80000000000000001758230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010ce7edb66448bd2022-02-14 08:48:31.433root 11241100x80000000000000001758231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1913328411caff22022-02-14 08:48:31.929root 11241100x80000000000000001758232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00c5b42bdb4290f2022-02-14 08:48:31.930root 11241100x80000000000000001758233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac248d5918fc5b152022-02-14 08:48:31.930root 11241100x80000000000000001758234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300df0646bcc91ca2022-02-14 08:48:31.930root 11241100x80000000000000001758235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb79d44d6f9d4aa32022-02-14 08:48:31.930root 11241100x80000000000000001758236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91aaa40e332286d82022-02-14 08:48:31.930root 11241100x80000000000000001758237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b54c9d34b34c6c2022-02-14 08:48:31.930root 11241100x80000000000000001758238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05bb8dec63198e92022-02-14 08:48:31.930root 11241100x80000000000000001758239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ddd05c5e22978d2022-02-14 08:48:31.930root 11241100x80000000000000001758240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c474116dcafff2bc2022-02-14 08:48:31.930root 11241100x80000000000000001758241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:31.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548118d272ad6e6e2022-02-14 08:48:31.930root 11241100x80000000000000001758242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6bc7c2480b7ee82022-02-14 08:48:32.430root 11241100x80000000000000001758243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfbd91701e985232022-02-14 08:48:32.430root 11241100x80000000000000001758244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77df65c9a477950d2022-02-14 08:48:32.430root 11241100x80000000000000001758245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5792a5477479b1bb2022-02-14 08:48:32.430root 11241100x80000000000000001758246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e677d879c1ac662022-02-14 08:48:32.430root 11241100x80000000000000001758247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462e72074d18cbd32022-02-14 08:48:32.430root 11241100x80000000000000001758248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbc790b44e60aca2022-02-14 08:48:32.431root 11241100x80000000000000001758249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2e3ca4eb12c64d2022-02-14 08:48:32.431root 11241100x80000000000000001758250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e81259f20883f962022-02-14 08:48:32.431root 11241100x80000000000000001758251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbbb1e36ed3ad942022-02-14 08:48:32.431root 11241100x80000000000000001758252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42791a6843a6bca72022-02-14 08:48:32.431root 11241100x80000000000000001758253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82f08d6a756b9942022-02-14 08:48:32.930root 11241100x80000000000000001758254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1507523995a3ac322022-02-14 08:48:32.930root 11241100x80000000000000001758255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4b4d175bdbbf722022-02-14 08:48:32.930root 11241100x80000000000000001758256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3e1c5b734afc032022-02-14 08:48:32.930root 11241100x80000000000000001758257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1eba799baa2a4a2022-02-14 08:48:32.930root 11241100x80000000000000001758258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6265eb49525b3bf52022-02-14 08:48:32.931root 11241100x80000000000000001758259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d436d4ca3744f6f12022-02-14 08:48:32.931root 11241100x80000000000000001758260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c10ef00b8acc93b2022-02-14 08:48:32.931root 11241100x80000000000000001758261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5592d87510f9302022-02-14 08:48:32.931root 11241100x80000000000000001758262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979e84a0621d08192022-02-14 08:48:32.931root 11241100x80000000000000001758263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:32.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f322b6bb441bf19d2022-02-14 08:48:32.931root 11241100x80000000000000001758264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3771eea078d73af2022-02-14 08:48:33.429root 11241100x80000000000000001758265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1608814210cd087c2022-02-14 08:48:33.430root 11241100x80000000000000001758266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f0494cc04d219a2022-02-14 08:48:33.430root 11241100x80000000000000001758267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec03639b9870a4252022-02-14 08:48:33.430root 11241100x80000000000000001758268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7362b90b0905777f2022-02-14 08:48:33.430root 11241100x80000000000000001758269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9846ef5e1c4a496e2022-02-14 08:48:33.430root 11241100x80000000000000001758270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0a5e0a9db0fbcd2022-02-14 08:48:33.430root 11241100x80000000000000001758271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1e7bb2f75decb32022-02-14 08:48:33.430root 11241100x80000000000000001758272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337007c4ae35c7112022-02-14 08:48:33.430root 11241100x80000000000000001758273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67396aa39598f0222022-02-14 08:48:33.430root 11241100x80000000000000001758274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd25f4a7ff261652022-02-14 08:48:33.430root 11241100x80000000000000001758275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1f2bbe28ba1e142022-02-14 08:48:33.930root 11241100x80000000000000001758276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d4affcf9dce0102022-02-14 08:48:33.930root 11241100x80000000000000001758277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f0332b798d5e712022-02-14 08:48:33.930root 11241100x80000000000000001758278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b559dde59c6720622022-02-14 08:48:33.930root 11241100x80000000000000001758279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de9796acbab1cde2022-02-14 08:48:33.931root 11241100x80000000000000001758280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa5e0a8e77fbaba2022-02-14 08:48:33.931root 11241100x80000000000000001758281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3762ec8d0e4f7fe72022-02-14 08:48:33.931root 11241100x80000000000000001758282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0177f64f547ab4192022-02-14 08:48:33.931root 11241100x80000000000000001758283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5202acc4de360f092022-02-14 08:48:33.931root 11241100x80000000000000001758284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf0eea6683c175e2022-02-14 08:48:33.931root 11241100x80000000000000001758285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:33.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319d31850ba68b0b2022-02-14 08:48:33.932root 11241100x80000000000000001758286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46232ba2f9ffa0ac2022-02-14 08:48:34.429root 11241100x80000000000000001758287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697eaec56e7eca832022-02-14 08:48:34.430root 11241100x80000000000000001758288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be486e43587e72d2022-02-14 08:48:34.430root 11241100x80000000000000001758289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8790769829bb6fe92022-02-14 08:48:34.430root 11241100x80000000000000001758290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ab2df9099f45b12022-02-14 08:48:34.430root 11241100x80000000000000001758291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53311d585c969a542022-02-14 08:48:34.430root 11241100x80000000000000001758292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f67bec623f56a242022-02-14 08:48:34.430root 11241100x80000000000000001758293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb047531d2cc02472022-02-14 08:48:34.431root 11241100x80000000000000001758294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff226590ee35e8c2022-02-14 08:48:34.431root 11241100x80000000000000001758295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25e4f6dfed1dda52022-02-14 08:48:34.431root 11241100x80000000000000001758296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea252bd6b2399dc82022-02-14 08:48:34.431root 11241100x80000000000000001758297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e92f111e4c83b7a2022-02-14 08:48:34.930root 11241100x80000000000000001758298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7425e1fc0ee7b74e2022-02-14 08:48:34.930root 11241100x80000000000000001758299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddc450b9485e1f02022-02-14 08:48:34.930root 11241100x80000000000000001758300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bd6a85f35c57c22022-02-14 08:48:34.931root 11241100x80000000000000001758301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798bd7b57b5646072022-02-14 08:48:34.931root 11241100x80000000000000001758302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da473092874cca0d2022-02-14 08:48:34.931root 11241100x80000000000000001758303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b82fb02bdad1eac2022-02-14 08:48:34.931root 11241100x80000000000000001758304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fe9b6baa9e71692022-02-14 08:48:34.931root 11241100x80000000000000001758305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc685184cc38b2172022-02-14 08:48:34.931root 11241100x80000000000000001758306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d9302f2aa4ad652022-02-14 08:48:34.931root 11241100x80000000000000001758307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:34.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd88f1d136ea2db32022-02-14 08:48:34.932root 354300x80000000000000001758308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.095{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51588-false10.0.1.12-8000- 11241100x80000000000000001758309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e934d9e8aa16002022-02-14 08:48:35.430root 11241100x80000000000000001758310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292589ec1777bc622022-02-14 08:48:35.430root 11241100x80000000000000001758311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a677d73256cbc62c2022-02-14 08:48:35.430root 11241100x80000000000000001758312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8de7fe56196423b2022-02-14 08:48:35.430root 11241100x80000000000000001758313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0b5848c5f2f0222022-02-14 08:48:35.430root 11241100x80000000000000001758314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14ac19dd67d5fe02022-02-14 08:48:35.430root 11241100x80000000000000001758315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10454f0ce838e9522022-02-14 08:48:35.430root 11241100x80000000000000001758316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc07ae920fb1a44c2022-02-14 08:48:35.430root 11241100x80000000000000001758317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a08dd1ed0a198d2022-02-14 08:48:35.430root 11241100x80000000000000001758318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9cb2d843dcbf512022-02-14 08:48:35.431root 11241100x80000000000000001758319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f606e87decf098e2022-02-14 08:48:35.431root 11241100x80000000000000001758320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06dfe63d21ab2d5f2022-02-14 08:48:35.431root 11241100x80000000000000001758321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bc12cc5919380e2022-02-14 08:48:35.930root 11241100x80000000000000001758322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f492e1ef618e4092022-02-14 08:48:35.930root 11241100x80000000000000001758323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7c730a10de0d1b2022-02-14 08:48:35.930root 11241100x80000000000000001758324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3ed86b4fac44602022-02-14 08:48:35.930root 11241100x80000000000000001758325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ad4fdc4fbcf3512022-02-14 08:48:35.930root 11241100x80000000000000001758326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44434a6fc8f49b6b2022-02-14 08:48:35.930root 11241100x80000000000000001758327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c159bd4064560792022-02-14 08:48:35.931root 11241100x80000000000000001758328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fa261c0c3354af2022-02-14 08:48:35.931root 11241100x80000000000000001758329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7eade0ab96f532f2022-02-14 08:48:35.931root 11241100x80000000000000001758330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7280753518aacac92022-02-14 08:48:35.931root 11241100x80000000000000001758331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656e4708cabd68c52022-02-14 08:48:35.931root 11241100x80000000000000001758332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:35.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3728a91a70738a2022-02-14 08:48:35.931root 11241100x80000000000000001758333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e314dc0bde7cf92022-02-14 08:48:36.429root 11241100x80000000000000001758334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75930c5f991f20f32022-02-14 08:48:36.430root 11241100x80000000000000001758335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1388b644a86ea0162022-02-14 08:48:36.430root 11241100x80000000000000001758336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6cc15b758a9e932022-02-14 08:48:36.430root 11241100x80000000000000001758337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e2448388f4e1662022-02-14 08:48:36.430root 11241100x80000000000000001758338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a36585fa82fd3f2022-02-14 08:48:36.430root 11241100x80000000000000001758339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b776928114365a322022-02-14 08:48:36.430root 11241100x80000000000000001758340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1d20a1dca867732022-02-14 08:48:36.431root 11241100x80000000000000001758341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05ee19c0bd884ae2022-02-14 08:48:36.431root 11241100x80000000000000001758342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62274354e343ec752022-02-14 08:48:36.431root 11241100x80000000000000001758343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f5acc36ac1b9c12022-02-14 08:48:36.431root 11241100x80000000000000001758344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2f61dacfca5ed62022-02-14 08:48:36.431root 11241100x80000000000000001758345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.929{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9cc6a4d5263f492022-02-14 08:48:36.929root 11241100x80000000000000001758346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17726f3453a545d2022-02-14 08:48:36.930root 11241100x80000000000000001758347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983d6696a82371e82022-02-14 08:48:36.930root 11241100x80000000000000001758348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097ec266167c87a02022-02-14 08:48:36.930root 11241100x80000000000000001758349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa075bcb80de5d52022-02-14 08:48:36.930root 11241100x80000000000000001758350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9397a9e718039b72022-02-14 08:48:36.930root 11241100x80000000000000001758351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7dccc32175348642022-02-14 08:48:36.930root 11241100x80000000000000001758352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5c9c25c07687922022-02-14 08:48:36.930root 11241100x80000000000000001758353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2fff03486b23792022-02-14 08:48:36.930root 11241100x80000000000000001758354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b7b1c7e266d0752022-02-14 08:48:36.930root 11241100x80000000000000001758355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6ffa344f0efef62022-02-14 08:48:36.930root 11241100x80000000000000001758356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:36.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf2d3ef1d350dff2022-02-14 08:48:36.930root 11241100x80000000000000001758357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cbf5bde21011ed2022-02-14 08:48:37.430root 11241100x80000000000000001758358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbb92ee2c973d482022-02-14 08:48:37.430root 11241100x80000000000000001758359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b266241e157466362022-02-14 08:48:37.430root 11241100x80000000000000001758360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c3b2d11ef995b22022-02-14 08:48:37.430root 11241100x80000000000000001758361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc27ed468524b6be2022-02-14 08:48:37.430root 11241100x80000000000000001758362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301a0a24ca5cff892022-02-14 08:48:37.430root 11241100x80000000000000001758363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ae74de050b0fda2022-02-14 08:48:37.430root 11241100x80000000000000001758364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10e8303071d21642022-02-14 08:48:37.431root 11241100x80000000000000001758365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d59a5dc7c3f84972022-02-14 08:48:37.431root 11241100x80000000000000001758366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7c70e5b27ef05d2022-02-14 08:48:37.431root 11241100x80000000000000001758367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c15f1661b2f4e72022-02-14 08:48:37.431root 11241100x80000000000000001758368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3b2ab6bc507e2c2022-02-14 08:48:37.431root 154100x80000000000000001758369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.838{ec2ab09f-1765-620a-68a4-cab6b5550000}2083/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2ab09f-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}871--- 11241100x80000000000000001758370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66abcf22e147885a2022-02-14 08:48:37.840root 11241100x80000000000000001758371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b7eaeb8909fa4e2022-02-14 08:48:37.840root 11241100x80000000000000001758372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7f9b2a5383049b2022-02-14 08:48:37.840root 11241100x80000000000000001758373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b873d59a69210bff2022-02-14 08:48:37.840root 11241100x80000000000000001758374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f9e3557940edb52022-02-14 08:48:37.840root 11241100x80000000000000001758375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c8bbd06ea703f62022-02-14 08:48:37.840root 11241100x80000000000000001758376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cc8ad4e25960d42022-02-14 08:48:37.840root 11241100x80000000000000001758377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764e97220998f56f2022-02-14 08:48:37.840root 11241100x80000000000000001758378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbb30182481755f2022-02-14 08:48:37.840root 11241100x80000000000000001758379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b906fe896b24f6a2022-02-14 08:48:37.840root 11241100x80000000000000001758380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6675c8dc1af443db2022-02-14 08:48:37.840root 11241100x80000000000000001758381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.840{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecd692853a78b912022-02-14 08:48:37.840root 11241100x80000000000000001758382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.841{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42905805bee55c12022-02-14 08:48:37.841root 534500x80000000000000001758383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:37.849{ec2ab09f-1765-620a-68a4-cab6b5550000}2083/bin/psroot 11241100x80000000000000001758384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e10e5df2ed2df32022-02-14 08:48:38.180root 11241100x80000000000000001758385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b9c1b9844a07aa2022-02-14 08:48:38.180root 11241100x80000000000000001758386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac757e00aa2ce302022-02-14 08:48:38.180root 11241100x80000000000000001758387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c89a88a275d6ae2022-02-14 08:48:38.180root 11241100x80000000000000001758388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17e03e385558eff2022-02-14 08:48:38.180root 11241100x80000000000000001758389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cda5ce2f3eb6092022-02-14 08:48:38.180root 11241100x80000000000000001758390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4a051168612a972022-02-14 08:48:38.181root 11241100x80000000000000001758391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df17811a81ec2a12022-02-14 08:48:38.181root 11241100x80000000000000001758392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2589b2a3ee41df2022-02-14 08:48:38.181root 11241100x80000000000000001758393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b949da6af624532022-02-14 08:48:38.181root 11241100x80000000000000001758394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7587a3d93646092022-02-14 08:48:38.181root 11241100x80000000000000001758395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b15fcef2dd0739f2022-02-14 08:48:38.181root 11241100x80000000000000001758396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f13047b598a8342022-02-14 08:48:38.181root 11241100x80000000000000001758397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263b9e0f9d3aedc12022-02-14 08:48:38.181root 11241100x80000000000000001758398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45844f112c2f9202022-02-14 08:48:38.680root 11241100x80000000000000001758399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bef81245e9771ec2022-02-14 08:48:38.680root 11241100x80000000000000001758400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b879c5c59f2dea12022-02-14 08:48:38.680root 11241100x80000000000000001758401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4798f07338dc78c52022-02-14 08:48:38.680root 11241100x80000000000000001758402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31934cc193f9f4332022-02-14 08:48:38.680root 11241100x80000000000000001758403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cbba8c6d6dbe522022-02-14 08:48:38.681root 11241100x80000000000000001758404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47474ea4e5e779822022-02-14 08:48:38.681root 11241100x80000000000000001758405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca1dfa8cc22f5e32022-02-14 08:48:38.681root 11241100x80000000000000001758406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227e1b6fecdceced2022-02-14 08:48:38.681root 11241100x80000000000000001758407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1943bb87c6b1c6852022-02-14 08:48:38.681root 11241100x80000000000000001758408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cd99ef3891cf452022-02-14 08:48:38.681root 11241100x80000000000000001758409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8e711412bfc5d82022-02-14 08:48:38.681root 11241100x80000000000000001758410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50789e6544080d6b2022-02-14 08:48:38.682root 11241100x80000000000000001758411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:38.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e06ec89503ce5f02022-02-14 08:48:38.682root 11241100x80000000000000001758412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20a496fed2a4ae22022-02-14 08:48:39.180root 11241100x80000000000000001758413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28024f69111f20d62022-02-14 08:48:39.180root 11241100x80000000000000001758414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641447db036430012022-02-14 08:48:39.180root 11241100x80000000000000001758415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d246f6c8179ab972022-02-14 08:48:39.181root 11241100x80000000000000001758416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c1a7881920c6022022-02-14 08:48:39.181root 11241100x80000000000000001758417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ff0a323859458b2022-02-14 08:48:39.181root 11241100x80000000000000001758418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfa49a9e46832252022-02-14 08:48:39.181root 11241100x80000000000000001758419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99ebe03918c8e4b2022-02-14 08:48:39.181root 11241100x80000000000000001758420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8494a79d5457d3862022-02-14 08:48:39.182root 11241100x80000000000000001758421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4705b359f96e80be2022-02-14 08:48:39.182root 11241100x80000000000000001758422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b05b6d3d3ad94972022-02-14 08:48:39.182root 11241100x80000000000000001758423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf39328d1bb3d282022-02-14 08:48:39.182root 11241100x80000000000000001758424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40de6bea532a5b772022-02-14 08:48:39.182root 11241100x80000000000000001758425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81a25d90792063d2022-02-14 08:48:39.182root 11241100x80000000000000001758426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6bcde81ca4c49d2022-02-14 08:48:39.680root 11241100x80000000000000001758427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8013e5d7fe4f652022-02-14 08:48:39.680root 11241100x80000000000000001758428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e4595936875a4a2022-02-14 08:48:39.680root 11241100x80000000000000001758429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e7eacde55884a42022-02-14 08:48:39.681root 11241100x80000000000000001758430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230a54459bd9b96a2022-02-14 08:48:39.681root 11241100x80000000000000001758431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c58c848913f6b7f2022-02-14 08:48:39.681root 11241100x80000000000000001758432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd8ec003ab07b072022-02-14 08:48:39.681root 11241100x80000000000000001758433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abeed7839afefc82022-02-14 08:48:39.681root 11241100x80000000000000001758434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661aaab0267815f42022-02-14 08:48:39.682root 11241100x80000000000000001758435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f05dee021f059e2022-02-14 08:48:39.682root 11241100x80000000000000001758436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55122e83caf9dd192022-02-14 08:48:39.682root 11241100x80000000000000001758437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7be0ef278fb5b92022-02-14 08:48:39.682root 11241100x80000000000000001758438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9935e1ba3c70312022-02-14 08:48:39.683root 11241100x80000000000000001758439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:39.683{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717b1adfae63dd092022-02-14 08:48:39.683root 354300x80000000000000001758440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.102{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51590-false10.0.1.12-8000- 11241100x80000000000000001758441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.102{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f4f7b40be0e56c2022-02-14 08:48:40.102root 11241100x80000000000000001758442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53031f0cbd239ad2022-02-14 08:48:40.103root 11241100x80000000000000001758443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c4d4ac2e930ed12022-02-14 08:48:40.103root 11241100x80000000000000001758444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725cd89e4144de652022-02-14 08:48:40.103root 11241100x80000000000000001758445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222f4209aed9d4cf2022-02-14 08:48:40.103root 11241100x80000000000000001758446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffbae95b13e774e2022-02-14 08:48:40.103root 11241100x80000000000000001758447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d748b9471d13c92022-02-14 08:48:40.103root 11241100x80000000000000001758448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01fc9f2b09c5dd72022-02-14 08:48:40.103root 11241100x80000000000000001758449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.103{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb37a1406b47e7a2022-02-14 08:48:40.103root 11241100x80000000000000001758450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a48cc141a440f812022-02-14 08:48:40.104root 11241100x80000000000000001758451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4b8cceee456c182022-02-14 08:48:40.104root 11241100x80000000000000001758452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5d7d0efa97f3da2022-02-14 08:48:40.104root 11241100x80000000000000001758453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6440ffc919afa92022-02-14 08:48:40.104root 11241100x80000000000000001758454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0844b2d02f52d35d2022-02-14 08:48:40.104root 11241100x80000000000000001758455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.104{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38f9519b96e35de2022-02-14 08:48:40.104root 11241100x80000000000000001758456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.211{ec2ab09f-1002-620a-3078-922c7d550000}1328/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-02-14 08:48:40.211root 11241100x80000000000000001758457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51e1154ee2c366a2022-02-14 08:48:40.430root 11241100x80000000000000001758458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d99dc8994866f582022-02-14 08:48:40.430root 11241100x80000000000000001758459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8679380f1c3d293d2022-02-14 08:48:40.430root 11241100x80000000000000001758460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d26cdf6c5fe252c2022-02-14 08:48:40.430root 11241100x80000000000000001758461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2613e36ae92c09f52022-02-14 08:48:40.431root 11241100x80000000000000001758462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7785fc466fd0692022-02-14 08:48:40.431root 11241100x80000000000000001758463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a894d40ed65dd1c62022-02-14 08:48:40.431root 11241100x80000000000000001758464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b753cdbb9f7656832022-02-14 08:48:40.431root 11241100x80000000000000001758465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0953dfa89079032022-02-14 08:48:40.431root 11241100x80000000000000001758466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec91e81e73a5d0fb2022-02-14 08:48:40.431root 11241100x80000000000000001758467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4ecc96f18df26d2022-02-14 08:48:40.431root 11241100x80000000000000001758468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b70e9b2366c16462022-02-14 08:48:40.431root 11241100x80000000000000001758469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493d39f1a0faa4a42022-02-14 08:48:40.431root 11241100x80000000000000001758470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da5c19b56b54f1d2022-02-14 08:48:40.431root 11241100x80000000000000001758471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7116c883c777dbe02022-02-14 08:48:40.432root 11241100x80000000000000001758472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af85a6398e59f6dd2022-02-14 08:48:40.432root 11241100x80000000000000001758473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd89ba7a4d5b48462022-02-14 08:48:40.930root 11241100x80000000000000001758474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24c488d9deb9b2e2022-02-14 08:48:40.930root 11241100x80000000000000001758475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539089b9f2047ebf2022-02-14 08:48:40.930root 11241100x80000000000000001758476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e05297a5ff0c3c52022-02-14 08:48:40.930root 11241100x80000000000000001758477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0631763dd6e013b2022-02-14 08:48:40.930root 11241100x80000000000000001758478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1fd2e71e4b9a512022-02-14 08:48:40.931root 11241100x80000000000000001758479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9026de026b42dc2022-02-14 08:48:40.931root 11241100x80000000000000001758480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de526245e9ab118e2022-02-14 08:48:40.931root 11241100x80000000000000001758481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce244c2cef6ef602022-02-14 08:48:40.931root 11241100x80000000000000001758482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85a1c85c4d7a6982022-02-14 08:48:40.931root 11241100x80000000000000001758483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410eb3e9eaac4dad2022-02-14 08:48:40.931root 11241100x80000000000000001758484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e351b0294faeee172022-02-14 08:48:40.931root 11241100x80000000000000001758485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04f1526a9c017542022-02-14 08:48:40.932root 11241100x80000000000000001758486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781f5c604f34850e2022-02-14 08:48:40.932root 11241100x80000000000000001758487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76dc5f16eae734b2022-02-14 08:48:40.932root 11241100x80000000000000001758488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:40.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2841349074ea172022-02-14 08:48:40.932root 11241100x80000000000000001758489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26d6b0a7e2f78ca2022-02-14 08:48:41.429root 11241100x80000000000000001758490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3ab0f7d1346a202022-02-14 08:48:41.430root 11241100x80000000000000001758491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a7e1f96ae306502022-02-14 08:48:41.430root 11241100x80000000000000001758492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9caa2ebd6391b392022-02-14 08:48:41.430root 11241100x80000000000000001758493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410379bfb2be02a42022-02-14 08:48:41.430root 11241100x80000000000000001758494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27662ada87332d162022-02-14 08:48:41.431root 11241100x80000000000000001758495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a82d3e2b16656412022-02-14 08:48:41.431root 11241100x80000000000000001758496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1986448c951bc8fb2022-02-14 08:48:41.431root 11241100x80000000000000001758497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3d524ba64751082022-02-14 08:48:41.432root 11241100x80000000000000001758498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7047b1408ee71b202022-02-14 08:48:41.432root 11241100x80000000000000001758499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce26d9dc1710304b2022-02-14 08:48:41.432root 11241100x80000000000000001758500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8a100443130c062022-02-14 08:48:41.432root 11241100x80000000000000001758501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eeff39aebf5cc5f2022-02-14 08:48:41.432root 11241100x80000000000000001758502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f756c0a744efc12022-02-14 08:48:41.433root 11241100x80000000000000001758503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9a46979b28fabd2022-02-14 08:48:41.433root 11241100x80000000000000001758504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc8d79dc6483a702022-02-14 08:48:41.433root 11241100x80000000000000001758505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d381d28be5ba2d2022-02-14 08:48:41.433root 11241100x80000000000000001758506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e628d6c2904e7252022-02-14 08:48:41.433root 11241100x80000000000000001758507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b782739dfb05a642022-02-14 08:48:41.930root 11241100x80000000000000001758508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdeb4d45f3982cc2022-02-14 08:48:41.930root 11241100x80000000000000001758509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775078fa37daf2612022-02-14 08:48:41.930root 11241100x80000000000000001758510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbf3ca824bd4fe62022-02-14 08:48:41.930root 11241100x80000000000000001758511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3e322a04bd5fb62022-02-14 08:48:41.930root 11241100x80000000000000001758512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c026ebe1f220a0a2022-02-14 08:48:41.931root 11241100x80000000000000001758513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a82bfe9097b3322022-02-14 08:48:41.931root 11241100x80000000000000001758514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6616da15ab59fd2022-02-14 08:48:41.931root 11241100x80000000000000001758515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7ff08f06f8add32022-02-14 08:48:41.931root 11241100x80000000000000001758516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe2d4b2ee2ca5312022-02-14 08:48:41.931root 11241100x80000000000000001758517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c1197dbd772dcd2022-02-14 08:48:41.931root 11241100x80000000000000001758518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e961aeb3148d9452022-02-14 08:48:41.931root 11241100x80000000000000001758519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff2a018efb7b98b2022-02-14 08:48:41.931root 11241100x80000000000000001758520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b14541934a4ef42022-02-14 08:48:41.931root 11241100x80000000000000001758521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8ac553f850b69a2022-02-14 08:48:41.931root 11241100x80000000000000001758522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:41.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70db5aca7a4274f62022-02-14 08:48:41.931root 11241100x80000000000000001758523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0829290e3abce7d72022-02-14 08:48:42.429root 11241100x80000000000000001758524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6696beaa6ad83272022-02-14 08:48:42.430root 11241100x80000000000000001758525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0e1b834b28f6e42022-02-14 08:48:42.430root 11241100x80000000000000001758526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b08037cd62f46a2022-02-14 08:48:42.430root 11241100x80000000000000001758527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e11df56104052b2022-02-14 08:48:42.430root 11241100x80000000000000001758528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf26d3fe4b2a7402022-02-14 08:48:42.430root 11241100x80000000000000001758529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fa36c2097bb9202022-02-14 08:48:42.431root 11241100x80000000000000001758530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f54d9c70ef9cfd2022-02-14 08:48:42.431root 11241100x80000000000000001758531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d776735dd4f9a52022-02-14 08:48:42.431root 11241100x80000000000000001758532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393769a91c8ee5082022-02-14 08:48:42.431root 11241100x80000000000000001758533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b88502a2a4bb7da2022-02-14 08:48:42.431root 11241100x80000000000000001758534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae0ca3716e22a9a2022-02-14 08:48:42.431root 11241100x80000000000000001758535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddf4eb90ff124802022-02-14 08:48:42.432root 11241100x80000000000000001758536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0529e6e2b5be2b2022-02-14 08:48:42.432root 11241100x80000000000000001758537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068f25b834b218642022-02-14 08:48:42.432root 11241100x80000000000000001758538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dbbbcdfeaf868e2022-02-14 08:48:42.432root 11241100x80000000000000001758539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f2df9a9eef87232022-02-14 08:48:42.433root 11241100x80000000000000001758540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f159afb6ef40a2792022-02-14 08:48:42.930root 11241100x80000000000000001758541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7e9441eebe64272022-02-14 08:48:42.930root 11241100x80000000000000001758542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce45a95733414742022-02-14 08:48:42.930root 11241100x80000000000000001758543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7197d5982f1a49d92022-02-14 08:48:42.930root 11241100x80000000000000001758544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e76ef22bc1ca4c52022-02-14 08:48:42.930root 11241100x80000000000000001758545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad6aeee5d8aa7bd2022-02-14 08:48:42.930root 11241100x80000000000000001758546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ae7c205aa850132022-02-14 08:48:42.931root 11241100x80000000000000001758547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8020df7b69a7b2a62022-02-14 08:48:42.931root 11241100x80000000000000001758548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c6816756ebc1b52022-02-14 08:48:42.931root 11241100x80000000000000001758549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4116b20331477052022-02-14 08:48:42.931root 11241100x80000000000000001758550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ad0b11b00a65422022-02-14 08:48:42.931root 11241100x80000000000000001758551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6960ff4ba5ceb0e52022-02-14 08:48:42.931root 11241100x80000000000000001758552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786348cca629b0f72022-02-14 08:48:42.931root 11241100x80000000000000001758553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcb6a6b3d8227512022-02-14 08:48:42.931root 11241100x80000000000000001758554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d2817ef712e7b92022-02-14 08:48:42.931root 11241100x80000000000000001758555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:42.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5c0abd93a556bf2022-02-14 08:48:42.931root 23542300x80000000000000001758556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.211{ec2ab09f-1002-620a-3078-922c7d550000}1328root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000001758557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca1d96b9eb8b7c32022-02-14 08:48:43.212root 11241100x80000000000000001758558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66520dba1c244002022-02-14 08:48:43.212root 11241100x80000000000000001758559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.212{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326887ae716b36f82022-02-14 08:48:43.212root 11241100x80000000000000001758560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d328398ef0afb942022-02-14 08:48:43.213root 11241100x80000000000000001758561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1f2f8e4b97d5972022-02-14 08:48:43.213root 11241100x80000000000000001758562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e441e73d65bd3a2022-02-14 08:48:43.213root 11241100x80000000000000001758563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd69b2609bcbdfd2022-02-14 08:48:43.213root 11241100x80000000000000001758564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4f61c95cb2d9bf2022-02-14 08:48:43.213root 11241100x80000000000000001758565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.213{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f461526655a02e2022-02-14 08:48:43.213root 11241100x80000000000000001758566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90242406b1d90e732022-02-14 08:48:43.214root 11241100x80000000000000001758567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37714ca7f8a39efd2022-02-14 08:48:43.214root 11241100x80000000000000001758568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82de63dd63374f992022-02-14 08:48:43.214root 11241100x80000000000000001758569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03a0200f44078e42022-02-14 08:48:43.214root 11241100x80000000000000001758570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f3c65f3bbb69c72022-02-14 08:48:43.214root 11241100x80000000000000001758571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89738d278bcf2cb72022-02-14 08:48:43.214root 11241100x80000000000000001758572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.214{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976ae003e86f51862022-02-14 08:48:43.214root 11241100x80000000000000001758573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be099ac27ed5d8a2022-02-14 08:48:43.215root 11241100x80000000000000001758574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf295c9d843a1b42022-02-14 08:48:43.215root 11241100x80000000000000001758575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.215{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb04227d70955de02022-02-14 08:48:43.215root 11241100x80000000000000001758576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8963a5af7f700c212022-02-14 08:48:43.680root 11241100x80000000000000001758577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34be2acacb81c2d2022-02-14 08:48:43.680root 11241100x80000000000000001758578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50ab87f5f034a132022-02-14 08:48:43.680root 11241100x80000000000000001758579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf3a012b122d9da2022-02-14 08:48:43.680root 11241100x80000000000000001758580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8c285193c461572022-02-14 08:48:43.680root 11241100x80000000000000001758581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75084bb07de59ac02022-02-14 08:48:43.681root 11241100x80000000000000001758582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b6a82d2beef9f42022-02-14 08:48:43.681root 11241100x80000000000000001758583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8e51cf9601964a2022-02-14 08:48:43.681root 11241100x80000000000000001758584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a76f44591ec40412022-02-14 08:48:43.681root 11241100x80000000000000001758585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c55a8ff218e56532022-02-14 08:48:43.681root 11241100x80000000000000001758586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42022de85e1c199d2022-02-14 08:48:43.681root 11241100x80000000000000001758587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc85a56ee79d01e32022-02-14 08:48:43.681root 11241100x80000000000000001758588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d62e22864ef6f52022-02-14 08:48:43.681root 11241100x80000000000000001758589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f733dc1f0caf582022-02-14 08:48:43.681root 11241100x80000000000000001758590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53680ce5a44c8b232022-02-14 08:48:43.681root 11241100x80000000000000001758591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c371750f46dca9852022-02-14 08:48:43.681root 11241100x80000000000000001758592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:43.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da91c590e40d0e52022-02-14 08:48:43.681root 11241100x80000000000000001758593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9210d417012bd9952022-02-14 08:48:44.180root 11241100x80000000000000001758594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901cf4224012ebbd2022-02-14 08:48:44.180root 11241100x80000000000000001758595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459d1c39d73177c02022-02-14 08:48:44.180root 11241100x80000000000000001758596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c454701a9e6e0162022-02-14 08:48:44.180root 11241100x80000000000000001758597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e18aa8b3088bdd2022-02-14 08:48:44.180root 11241100x80000000000000001758598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70aa9eba2734708f2022-02-14 08:48:44.181root 11241100x80000000000000001758599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e6fd98852f03042022-02-14 08:48:44.181root 11241100x80000000000000001758600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7fd78a225770752022-02-14 08:48:44.181root 11241100x80000000000000001758601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab335aa04a5be1382022-02-14 08:48:44.181root 11241100x80000000000000001758602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1208db4b0a59b0e02022-02-14 08:48:44.181root 11241100x80000000000000001758603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c353c0be6f76ab42022-02-14 08:48:44.181root 11241100x80000000000000001758604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0df0ef268c2728d2022-02-14 08:48:44.181root 11241100x80000000000000001758605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1d80b42abe2b2e2022-02-14 08:48:44.181root 11241100x80000000000000001758606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ee85282ea4ff992022-02-14 08:48:44.181root 11241100x80000000000000001758607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e180d42687d5a012022-02-14 08:48:44.182root 11241100x80000000000000001758608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13dc4d9eac91fd02022-02-14 08:48:44.182root 11241100x80000000000000001758609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.182{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdfbc3b3eb4c2792022-02-14 08:48:44.182root 11241100x80000000000000001758610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9cdc235825b57e2022-02-14 08:48:44.680root 11241100x80000000000000001758611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96d2a758086ee662022-02-14 08:48:44.680root 11241100x80000000000000001758612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a80e1d7c45af15e2022-02-14 08:48:44.680root 11241100x80000000000000001758613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0cc25f902be1022022-02-14 08:48:44.680root 11241100x80000000000000001758614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630057479ad7468f2022-02-14 08:48:44.681root 11241100x80000000000000001758615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4f4cdc8912d1e72022-02-14 08:48:44.681root 11241100x80000000000000001758616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935f688dabcce8902022-02-14 08:48:44.681root 11241100x80000000000000001758617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0314e3417285315a2022-02-14 08:48:44.681root 11241100x80000000000000001758618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aec08a9bcd28c9c2022-02-14 08:48:44.681root 11241100x80000000000000001758619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c94c47394867de2022-02-14 08:48:44.681root 11241100x80000000000000001758620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522c3e7dd83dc1372022-02-14 08:48:44.681root 11241100x80000000000000001758621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c739521e274160842022-02-14 08:48:44.681root 11241100x80000000000000001758622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be2946899a24cc82022-02-14 08:48:44.681root 11241100x80000000000000001758623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17328405adbe2caf2022-02-14 08:48:44.682root 11241100x80000000000000001758624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fe9df916606e6f2022-02-14 08:48:44.682root 11241100x80000000000000001758625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfd81a532a7926e2022-02-14 08:48:44.682root 11241100x80000000000000001758626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:44.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2052d359f6f37bee2022-02-14 08:48:44.682root 11241100x80000000000000001758627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b3b57737d0023f2022-02-14 08:48:45.180root 11241100x80000000000000001758628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3833ee3f868f092022-02-14 08:48:45.180root 11241100x80000000000000001758629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.180{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d05c301e61274e2022-02-14 08:48:45.180root 11241100x80000000000000001758630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ae586755f05b3a2022-02-14 08:48:45.181root 11241100x80000000000000001758631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53364cbf522fa6542022-02-14 08:48:45.181root 11241100x80000000000000001758632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3172311fa87242872022-02-14 08:48:45.181root 11241100x80000000000000001758633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378d1afda2fd0f992022-02-14 08:48:45.181root 11241100x80000000000000001758634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3194c4add7dd8c512022-02-14 08:48:45.181root 11241100x80000000000000001758635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9b4c3f265182da2022-02-14 08:48:45.181root 11241100x80000000000000001758636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2af81a2a7987ad52022-02-14 08:48:45.181root 11241100x80000000000000001758637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3855bb9072d00fd22022-02-14 08:48:45.181root 11241100x80000000000000001758638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc5e1a4e31d223d2022-02-14 08:48:45.181root 11241100x80000000000000001758639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3149a3b855463902022-02-14 08:48:45.181root 11241100x80000000000000001758640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328b3fcecbd845092022-02-14 08:48:45.181root 11241100x80000000000000001758641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26425d705b9b4a2c2022-02-14 08:48:45.181root 11241100x80000000000000001758642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52dc47363a2d3172022-02-14 08:48:45.181root 11241100x80000000000000001758643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.181{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b7c28f1ec6bd442022-02-14 08:48:45.181root 11241100x80000000000000001758644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde4cb1ebe94d8002022-02-14 08:48:45.680root 11241100x80000000000000001758645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330ad29938933cef2022-02-14 08:48:45.680root 11241100x80000000000000001758646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dee946ba4bcf822022-02-14 08:48:45.680root 11241100x80000000000000001758647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.680{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85e6656cf9feb5c2022-02-14 08:48:45.680root 11241100x80000000000000001758648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c48448ca77439e02022-02-14 08:48:45.681root 11241100x80000000000000001758649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7faa33dd6acb17552022-02-14 08:48:45.681root 11241100x80000000000000001758650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3c4291449c11312022-02-14 08:48:45.681root 11241100x80000000000000001758651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79c55c23a6ae79f2022-02-14 08:48:45.681root 11241100x80000000000000001758652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4861f2360614fae12022-02-14 08:48:45.681root 11241100x80000000000000001758653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40db425539800b7a2022-02-14 08:48:45.681root 11241100x80000000000000001758654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be98bb91093c9932022-02-14 08:48:45.681root 11241100x80000000000000001758655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072195dda463a6502022-02-14 08:48:45.681root 11241100x80000000000000001758656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.681{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228aafedefe434f82022-02-14 08:48:45.681root 11241100x80000000000000001758657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509ba2b5b3b45a052022-02-14 08:48:45.682root 11241100x80000000000000001758658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237a8cc34f5f9a432022-02-14 08:48:45.682root 11241100x80000000000000001758659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e1aa72d49a17ca2022-02-14 08:48:45.682root 11241100x80000000000000001758660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:45.682{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3bc9dcf7b234a02022-02-14 08:48:45.682root 354300x80000000000000001758661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.009{ec2ab09f-1042-620a-5175-3a0400000000}1753/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51592-false10.0.1.12-8000- 11241100x80000000000000001758662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.009{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31286367f6055922022-02-14 08:48:46.009root 11241100x80000000000000001758663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.009{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9df8bd74af147f2022-02-14 08:48:46.009root 11241100x80000000000000001758664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.010{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef872b13a8839c62022-02-14 08:48:46.010root 11241100x80000000000000001758665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.010{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708d2da7e3af4d3d2022-02-14 08:48:46.010root 11241100x80000000000000001758666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.010{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c5385b8f939ee32022-02-14 08:48:46.010root 11241100x80000000000000001758667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.010{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d57ec59b9d2f6e2022-02-14 08:48:46.010root 11241100x80000000000000001758668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.010{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e031e7febbfea72022-02-14 08:48:46.010root 11241100x80000000000000001758669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.010{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbe9e321600fbdc2022-02-14 08:48:46.010root 11241100x80000000000000001758670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4298d6502cc370c2022-02-14 08:48:46.011root 11241100x80000000000000001758671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d36b31add45d612022-02-14 08:48:46.011root 11241100x80000000000000001758672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f8c192e3f97d262022-02-14 08:48:46.011root 11241100x80000000000000001758673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b530df9c35237e532022-02-14 08:48:46.011root 11241100x80000000000000001758674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1af8be1db035b642022-02-14 08:48:46.011root 11241100x80000000000000001758675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe9253c3d22f9a42022-02-14 08:48:46.011root 11241100x80000000000000001758676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981d134d21f6b6ce2022-02-14 08:48:46.011root 11241100x80000000000000001758677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765efd818cd49db82022-02-14 08:48:46.011root 11241100x80000000000000001758678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.011{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0daa51a98297389a2022-02-14 08:48:46.011root 11241100x80000000000000001758679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.013{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8610a7aa9d79bdaa2022-02-14 08:48:46.013root 11241100x80000000000000001758680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.013{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528c355a402d58372022-02-14 08:48:46.013root 11241100x80000000000000001758681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.013{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9966bb0124ef4372022-02-14 08:48:46.013root 11241100x80000000000000001758682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.014{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfe52c8263112052022-02-14 08:48:46.014root 11241100x80000000000000001758683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b0b4f80b3301922022-02-14 08:48:46.016root 11241100x80000000000000001758684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.016{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4da1b692fc1f8552022-02-14 08:48:46.016root 11241100x80000000000000001758685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70e928b635f4cf52022-02-14 08:48:46.430root 11241100x80000000000000001758686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15f33d9dce2024d2022-02-14 08:48:46.431root 11241100x80000000000000001758687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbce82b390c57032022-02-14 08:48:46.431root 11241100x80000000000000001758688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b069d8a23abe99b02022-02-14 08:48:46.431root 11241100x80000000000000001758689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681aba83e380f7082022-02-14 08:48:46.431root 11241100x80000000000000001758690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16720048928312012022-02-14 08:48:46.432root 11241100x80000000000000001758691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06771e2c476a0462022-02-14 08:48:46.432root 11241100x80000000000000001758692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3aac7c0c8f09992022-02-14 08:48:46.432root 11241100x80000000000000001758693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590b0f48d0b8917f2022-02-14 08:48:46.432root 11241100x80000000000000001758694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdaeb109200fd102022-02-14 08:48:46.432root 11241100x80000000000000001758695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077c8295abcec7902022-02-14 08:48:46.432root 11241100x80000000000000001758696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9508448b2a3267762022-02-14 08:48:46.432root 11241100x80000000000000001758697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3108a53d9a840b2022-02-14 08:48:46.433root 11241100x80000000000000001758698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb58dca381dbdf22022-02-14 08:48:46.433root 11241100x80000000000000001758699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccd3a3ef7b964352022-02-14 08:48:46.433root 11241100x80000000000000001758700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41508027c8a1b4a2022-02-14 08:48:46.433root 11241100x80000000000000001758701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8134b0d884386c262022-02-14 08:48:46.434root 11241100x80000000000000001758702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.434{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afeba4cbf2238a092022-02-14 08:48:46.434root 11241100x80000000000000001758703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a3328fcae77e2f2022-02-14 08:48:46.930root 11241100x80000000000000001758704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc09e552e5e54ec62022-02-14 08:48:46.930root 11241100x80000000000000001758705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e95393633fa55c2022-02-14 08:48:46.930root 11241100x80000000000000001758706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380397ab5f9f82772022-02-14 08:48:46.930root 11241100x80000000000000001758707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c403be3d4dfb5672022-02-14 08:48:46.931root 11241100x80000000000000001758708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc46dabf701768e22022-02-14 08:48:46.931root 11241100x80000000000000001758709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399e558f93b9d5912022-02-14 08:48:46.931root 11241100x80000000000000001758710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5938d8fc20cc8e4b2022-02-14 08:48:46.931root 11241100x80000000000000001758711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a9bef53fdc68102022-02-14 08:48:46.931root 11241100x80000000000000001758712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fedc89b7aa8bece2022-02-14 08:48:46.931root 11241100x80000000000000001758713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b350ec04a200c672022-02-14 08:48:46.931root 11241100x80000000000000001758714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec73d02e1c996812022-02-14 08:48:46.931root 11241100x80000000000000001758715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183885e9dadca4512022-02-14 08:48:46.931root 11241100x80000000000000001758716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d70bcec52dda05f2022-02-14 08:48:46.931root 11241100x80000000000000001758717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788293c60fcdb4e42022-02-14 08:48:46.931root 11241100x80000000000000001758718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c03cba70bb5dc352022-02-14 08:48:46.931root 11241100x80000000000000001758719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6926ad8feaaa9a2022-02-14 08:48:46.931root 11241100x80000000000000001758720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:46.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c917d56e97f7035b2022-02-14 08:48:46.932root 11241100x80000000000000001758721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.429{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1f41380b02e2202022-02-14 08:48:47.429root 11241100x80000000000000001758722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e470d29329831e72022-02-14 08:48:47.430root 11241100x80000000000000001758723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca2c12a42c196372022-02-14 08:48:47.430root 11241100x80000000000000001758724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9facfa2128fb2d2022-02-14 08:48:47.430root 11241100x80000000000000001758725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23363795aee8fc7e2022-02-14 08:48:47.430root 11241100x80000000000000001758726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d376c21063a06d2022-02-14 08:48:47.430root 11241100x80000000000000001758727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.430{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f2d322c28103b32022-02-14 08:48:47.430root 11241100x80000000000000001758728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665361fde05db4982022-02-14 08:48:47.431root 11241100x80000000000000001758729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff8ecc4ef3846db2022-02-14 08:48:47.431root 11241100x80000000000000001758730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe7eec815644c002022-02-14 08:48:47.431root 11241100x80000000000000001758731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b04452b34920bf2022-02-14 08:48:47.431root 11241100x80000000000000001758732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.431{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4fa65989e374562022-02-14 08:48:47.431root 11241100x80000000000000001758733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494429a6e4c627de2022-02-14 08:48:47.432root 11241100x80000000000000001758734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c16e46c12a4cbf2022-02-14 08:48:47.432root 11241100x80000000000000001758735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe52add8c76adde2022-02-14 08:48:47.432root 11241100x80000000000000001758736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.432{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56752df71f5d67362022-02-14 08:48:47.432root 11241100x80000000000000001758737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e552000c56cf7d8b2022-02-14 08:48:47.433root 11241100x80000000000000001758738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c1ae931ddb2c3c2022-02-14 08:48:47.433root 11241100x80000000000000001758739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3448805411a5f02022-02-14 08:48:47.433root 11241100x80000000000000001758740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.433{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f45ed987ab178f72022-02-14 08:48:47.433root 11241100x80000000000000001758741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beae2369a3fe6a182022-02-14 08:48:47.930root 11241100x80000000000000001758742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14c31775d8c85cc2022-02-14 08:48:47.930root 11241100x80000000000000001758743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79abbfb8045c75522022-02-14 08:48:47.930root 11241100x80000000000000001758744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.930{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31884affdd824f7a2022-02-14 08:48:47.930root 11241100x80000000000000001758745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f655148b3d8a002022-02-14 08:48:47.931root 11241100x80000000000000001758746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebda142e94303412022-02-14 08:48:47.931root 11241100x80000000000000001758747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1b48bc4be8dfaa2022-02-14 08:48:47.931root 11241100x80000000000000001758748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59e00a4cb7afcc72022-02-14 08:48:47.931root 11241100x80000000000000001758749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d61a43e36e6ad32022-02-14 08:48:47.931root 11241100x80000000000000001758750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97b48f77c9945672022-02-14 08:48:47.931root 11241100x80000000000000001758751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d09dbacebb691e52022-02-14 08:48:47.931root 11241100x80000000000000001758752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.931{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89269b890c9165762022-02-14 08:48:47.931root 11241100x80000000000000001758753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea6814418dc35512022-02-14 08:48:47.932root 11241100x80000000000000001758754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f621145eb264462022-02-14 08:48:47.932root 11241100x80000000000000001758755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70088fe7d741760f2022-02-14 08:48:47.932root 11241100x80000000000000001758756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f15b68442358962022-02-14 08:48:47.932root 11241100x80000000000000001758757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670217fb2c2a9e422022-02-14 08:48:47.932root 11241100x80000000000000001758758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1898-2022-02-14 08:48:47.932{ec2ab09f-1008-620a-3038-4b2bf3550000}1571/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1309e361297f18e92022-02-14 08:48:47.932root